Threat Actor Targets Manufacturing Industry With Malware
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
A sophisticated cyberattack campaign targeting the manufacturing industry has been identified, utilizing a deceptive LNK file disguised as a PDF document. The attack leverages multiple Living-off-the-Land Binaries and Google Accelerated Mobile Pages to evade detection. The threat actor employs various techniques, including DLL sideloading and process injection, to deploy Lumma Stealer and Amadey Bot. These malware strains enable the attacker to gain control and exfiltrate sensitive information from victim machines. The campaign's infection chain involves multiple stages of code injection and uses legitimate system tools to execute malicious PowerShell commands. The attackers demonstrate adaptability by using URL shortening and AMP URLs to bypass traditional security mechanisms.
OPENCTI LABELS:
powershell, lnk file, process injection, lumma stealer, dll sideloading, manufacturing, code injection, amadey bot, amp url