Attackers looking to steal employee credentials from organizations tied to the industrial sector ran highly targeted operations that delivered malicious PowerShell scripts hidden inside image files.
The technique is called steganography, and in these incidents the actors hosted the images on public image hosting services to evade network traffic scanners and control tools that would otherwise flag the malicious download.
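As an added defensive example (not part of the original article and not code from any party it describes), the following Python script shows one check a file scanner can apply to images fetched from public hosting services: it walks the PNG chunk structure, verifies each chunk CRC, and flags data appended after the IEND marker or placed in text or non-standard chunks that matches PowerShell indicators. It assumes the appended-data form of embedding; the article does not state which steganographic method the actors used, and pixel-level encoding would need a different check. The sample image, the indicator list and the appended text are all constructed here.

```python
import re
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Chunk types defined by the PNG specification; anything else is worth a look.
STANDARD_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"cHRM", b"gAMA", b"iCCP",
    b"sBIT", b"sRGB", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"hIST", b"pHYs",
    b"sPLT", b"tIME",
}

# Constructed indicator list for this example (a real scanner would use a
# maintained signature set); name and regex per entry.
SCRIPT_INDICATORS = [
    ("powershell", re.compile(rb"powershell", re.IGNORECASE)),
    ("invoke-expression", re.compile(rb"Invoke-Expression|\bIEX\b", re.IGNORECASE)),
    ("frombase64string", re.compile(rb"FromBase64String", re.IGNORECASE)),
    ("encodedcommand", re.compile(rb"-EncodedCommand|-enc\b", re.IGNORECASE)),
]


def png_chunk(ctype: bytes, data: bytes) -> bytes:
    """Encode one PNG chunk: 4-byte length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_minimal_png() -> bytes:
    """Constructed 1x1 8-bit grayscale PNG used as clean sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # one scanline: filter byte + one pixel
    return (PNG_SIGNATURE + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", idat) + png_chunk(b"IEND", b""))


def parse_png_chunks(data: bytes):
    """Walk the chunk list; return (chunks, bytes_after_IEND, structural_errors)."""
    if not data.startswith(PNG_SIGNATURE):
        return [], b"", ["not a PNG file"]
    pos = len(PNG_SIGNATURE)
    chunks, errors = [], []
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        start, end = pos + 8, pos + 8 + length
        if end + 4 > len(data):
            errors.append(f"truncated chunk {ctype!r}")
            return chunks, b"", errors
        payload = data[start:end]
        stored_crc = struct.unpack(">I", data[end:end + 4])[0]
        if zlib.crc32(ctype + payload) & 0xFFFFFFFF != stored_crc:
            errors.append(f"bad CRC on chunk {ctype!r}")
        chunks.append((ctype, payload))
        pos = end + 4
        if ctype == b"IEND":
            # A well-formed PNG ends here; anything after it is foreign data.
            return chunks, data[pos:], errors
    errors.append("no IEND chunk")
    return chunks, b"", errors


def find_script_indicators(blob: bytes) -> list:
    """Names of indicator patterns that match anywhere in blob."""
    return [name for name, rx in SCRIPT_INDICATORS if rx.search(blob)]


def analyze_png(data: bytes) -> dict:
    """Return structural errors plus findings that suggest embedded script content."""
    chunks, trailing, errors = parse_png_chunks(data)
    findings = []
    if trailing:
        findings.append(f"{len(trailing)} bytes after IEND")
        for name in find_script_indicators(trailing):
            findings.append(f"script indicator in trailing data: {name}")
    for ctype, payload in chunks:
        label = ctype.decode("ascii", errors="replace")
        nonstandard = ctype not in STANDARD_CHUNKS
        if nonstandard:
            findings.append(f"non-standard chunk {label} ({len(payload)} bytes)")
        if nonstandard or ctype in (b"tEXt", b"iTXt"):
            for name in find_script_indicators(payload):
                findings.append(f"script indicator in {label} chunk: {name}")
    return {"errors": errors, "findings": findings, "suspicious": bool(findings)}


if __name__ == "__main__":
    clean = build_minimal_png()
    # Constructed sample: text appended after the image's IEND chunk.
    tampered = clean + b"# constructed sample\npowershell -NoProfile -EncodedCommand QUJD\n"
    for name, sample in (("clean", clean), ("tampered", tampered)):
        print(name, analyze_png(sample))
```

The check is deliberately cheap enough to run inline on every image a proxy or endpoint agent sees; an image that renders fine but carries kilobytes past IEND, or non-standard chunks with script keywords, is a strong signal to quarantine regardless of which hosting service it came from.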
Payload tailored to target's language
Victims in multiple countries (Japan, the U.K., Germany, Italy) were identified. Some of them supply equipment and software solutions to industrial enterprises.
The attacks started with a phishing email containing a Microsoft Office document with malicious macro code whose role is to decrypt and execute an initial PowerShell script.
... ...