Hackers Use RMS and TeamViewer To Attack Industrial Enterprises

 

In a recent report, experts at cybersecurity firm Kaspersky explained how the strategies and plans of an attack campaign against industrial organizations have changed. In 2018, Kaspersky issued a report describing the use of TeamViewer and RMS (Remote Manipulator System) in the attack campaign. Since then, the hackers have evolved their techniques and attack strategies, becoming more effective and sophisticated.

Attack Details
  • Experts believe that in recent attacks the hackers have been using fakes of legal documents that work as instructional manuals for industrial enterprises. The records, experts believe, were stolen in earlier attacks and are now used to target industries.
  • In a recent campaign, hackers targeted various industries in Russia, and their primary target was the energy sector. Besides this, the hackers attacked the logistics, mining, construction, engineering, metal, manufacturing, and oil sectors.
  • The hackers use remote control software such as TeamViewer and RMS for communication during the attacks. Earlier, hackers used C2 (command-and-control) servers for the attacks.
  • Hackers use the Mimikatz utility and spyware to steal login credentials for the attacks. They also use it to attack other systems in industrial enterprises.
  • The final aim of the hackers is to steal money from industrial organizations.

Recent attack details
  • In recent attacks, experts noticed that various APT groups used simple hacking methods that were very effective in targeting industrial infrastructure.
  • In a recent incident, the hacking group MontysThree APT carried out espionage attacks against an international video production and architecture company. They used PhysXPluginMfx (a third-party MAXScript exploit) and steganography for the attacks.
  • In a similar espionage attack, hackers used an infected payload as a plugin in attacks against industrial enterprises.

Summary
While attacking industrial organizations, threat actors use simple but effective hacking methods that yield brilliant results. The change in hacking methods has put the cybersecurity community on alert. To stay safe from these attacks, experts recommend that organizations keep their cybersecurity operations updated and make them a priority. Kaspersky says, "Phishing emails used in this attack are, in most cases, disguised as business correspondence between organizations. Specifically, the attackers send claim letters on behalf of a large industrial company."