Sophisticated Spearphishing Attack Campaign Delivers Agent Tesla and Formbook to Maritime Industry

A single threat cluster conducted a sophisticated spearphishing attack campaign against the maritime industry, delivering Agent Tesla and Formbook malware. The campaign was first detected in October 2020, and it persisted for over a year before being detected. The email body usually pretended to inform recipients that the ship was docking at a port and asked the target to click on a malicious attachment for more details. Researchers found 20 such emails that appeared to come from a shipping company headquartered in Norway.

In mid-2022, the campaign switched from Agent Tesla to Formbook using CAB file attachments, and the threat cluster used four different delivery techniques to distribute Formbook. The use of commodity RATs suggests that the group is focused on obtaining sensitive information such as credentials, session tokens, and email lists, which could be leveraged in future BEC attacks or sold to provide initial access to other operators.

Although the identity of the threat group remains unknown, the maritime industry is vulnerable to future attacks, and experts suggest that maritime companies focus on training their crews to recognize phishing lures so that phishing emails are caught before they lead to compromise. The industry has also become a significant target of ransomware attacks, which calls for a proper review of cyber risks in shipboard operations, bridge communications, cargo operations, and other critical operations.
