In a recent report by cybersecurity firm Kaspersky, experts explained how there were certain modifications in attack campaign strategies and plans against industrial organizations. In 2018, Kaspersky had issued a report describing the use of Teamviewer and RMS (Remote Manipulator System) related to the attack campaign. However, since that attack, the hackers have evolved in techniques and attack strategies, becoming more effective and sophisticated.
- Experts believe that the hackers have been found using fakes of legal documents that work as an instructional manual for industrial enterprises in recent attacks. The records, experts believe, were hacked in the earlier threats that hackers use to target industries.
- In a recent threat, hackers targeted various industries in Russia, and their primary target was the energy sector. Besides this, the hackers attacked logistics, mining, construction, engineering, metal industry, manufacturing, and oil sectors.
- The hackers use remote control softwares like Teamviewer and RMS for communicating during the attacks. Earlier, hackers used c2c (command-and-control) servers for the attacks.
- Hackers use Mimikatz utility and spyware to steal login credentials for the attacks. They also use it to attack other systems in industrial enterprises.
- The final aim of hackers is to take out money from industrial organizations.
- In recent attacks, experts noticed that various APT groups used simple hacking methods that were very effective in targetting industrial infrastructure.
- In a recent incident, Hacking group MontysThree APT deployed espionage attacks against an international video production and architecture company. They used PhysXPluginMfx (a third-party MAXScript exploit) and steganography for the attacks.
- In a similar espionage attack, hackers used infected payload as a plugin for the attacks against industrial enterprises.
Source: E Hacking news
Hackers Use RMS and Teamviewer To Attack Industrial Enterprises