Malware Continues to Attack German Car Industry for Nearly a Year

A long-running malware campaign targeting German auto manufacturing companies has been revealed in a report by Check Point researchers.

The targets included several German automakers and car dealers. The attackers registered multiple lookalike domains for use in the attack and cloned the legitimate sites of companies in the field.

These sites are used to send phishing emails written in German and to host the malware payloads that are downloaded to target systems.

According to the report, the attack campaign started around July 2021 (and possibly March) and is still ongoing.

Targeting the German Automotive Industry

The infection chain begins with an email sent to a specific target. The email contains an ISO disk image file, a format that bypasses many internet security controls.

The disk image in turn contains an HTA file with JavaScript or VBScript code, which is executed via HTML smuggling.

[Figure: Malware infection chain]

HTML smuggling is a technique used regularly by hackers of all skill levels, from “script kiddies” who rely on automated toolkits to state-sponsored hackers who deploy custom backdoors.

While the victim looks at the decoy document opened by the HTA file, malicious code runs in the background, fetching and launching the malware payload.

The security researchers noted: “We found multiple versions of these scripts, some triggering PowerShell code, some obfuscated, and others in plain text. They all download and execute various MaaS (Malware as a Service) information stealers.”

The MaaS info stealers used in this campaign varied, including Raccoon Stealer, AZORult, and BitRAT. All three are available for purchase on cybercrime markets and darknet forums.

Later versions of the HTA file run PowerShell code that changes registry values to enable content in the Microsoft Office suite. This eliminates the need for an attacker to trick recipients into enabling macros, reducing the payload drop rate.
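The chain described above (an HTA opened from a mounted disk image, a script interpreter started under it, then a change to Office security settings) leaves a process and registry trail that can be matched in endpoint telemetry. The detection logic below is an added example, not code from the Check Point report; the event field names, the sample events, C: as the system drive and the Office `Security` registry path are assumptions, since the article does not name the registry values that were changed.

```python
import re

# Assumptions (not from the report): Sysmon-style ids (1 = process creation,
# 13 = registry value set), C: is the system drive, Office trust settings live
# under ...\Office\<version>\<app>\Security\ (e.g. VBAWarnings).
OFFICE_SECURITY = re.compile(r"\\Software\\Microsoft\\Office\\[^\\]+\\[^\\]+\\Security\\", re.I)
HTA_OFF_SYSTEM_DRIVE = re.compile(r'\b(?!C:)[A-Z]:\\[^"]*\.hta\b', re.I)
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}

def exe(path):
    return path.rsplit("\\", 1)[-1].lower()

def under_mshta(pid, procs):
    # Walk the parent chain; True if pid or any recorded ancestor is mshta.exe.
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        if exe(procs[pid]["image"]) == "mshta.exe":
            return True
        pid = procs[pid]["ppid"]
    return False

def detect(events):
    procs, alerts = {}, []
    for ev in events:
        if ev["id"] == 1:
            procs[ev["pid"]] = ev
            name = exe(ev["image"])
            if name == "mshta.exe" and HTA_OFF_SYSTEM_DRIVE.search(ev["cmd"]):
                alerts.append(("hta_from_mounted_image", ev["pid"]))
            elif name in INTERPRETERS and under_mshta(ev["ppid"], procs):
                alerts.append(("interpreter_under_mshta", ev["pid"]))
        elif ev["id"] == 13 and OFFICE_SECURITY.search(ev["target"]) and under_mshta(ev["pid"], procs):
            alerts.append(("office_security_changed", ev["pid"]))
    return alerts

SYS = "C:\\Windows\\System32\\"
EVENTS = [  # constructed sample telemetry, not taken from the report
    {"id": 1, "pid": 4100, "ppid": 900, "image": SYS + "mshta.exe",
     "cmd": '"C:\\Windows\\System32\\mshta.exe" "E:\\Angebot.hta"'},
    {"id": 1, "pid": 4200, "ppid": 4100, "image": SYS + "WindowsPowerShell\\v1.0\\powershell.exe",
     "cmd": "powershell.exe -NoProfile"},
    {"id": 13, "pid": 4200,
     "target": "HKU\\S-1-5-21-1111\\Software\\Microsoft\\Office\\16.0\\Word\\Security\\VBAWarnings"},
    {"id": 1, "pid": 5000, "ppid": 900, "image": SYS + "mshta.exe",
     "cmd": 'mshta.exe "C:\\Program Files\\Vendor\\help.hta"'},
    {"id": 1, "pid": 5100, "ppid": 900, "image": SYS + "cmd.exe", "cmd": "cmd.exe"},
]
print(detect(EVENTS))
```

The last two sample events are benign controls: an HTA run from the system drive and a shell with no `mshta.exe` ancestor produce no alert.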

Goals and Attribution

Check Point said the 14 targeted entities it has tracked for these attacks are all German organizations with some ties to the auto-manufacturing industry. However, no specific company names were mentioned in the report.

The info-stealing payload was hosted on an Iranian-registered site (“bornagroup[.]ir”), while the same email was used for phishing subdomains such as “groupschumecher[.]com”.

Threat analysts were able to find links to different phishing campaigns targeting Santander customers, verifying that the campaign’s website was hosted on an Iranian ISP.

[Figure: Attacker’s infrastructure]

All in all, it’s very likely that Iranian threat actors orchestrated the campaign, but Check Point doesn’t have enough evidence to prove its attribution.

Finally, as for the goal of the campaign, it is likely industrial espionage or BEC (business email compromise) against these companies or their customers, suppliers and contractors.

Conclusion

Today, businesses of all sizes across all industries face the growing threat of ransomware attacks. Storage systems may seem to have little to do with an organization’s cybersecurity posture and policies, but they just might be the best defense. Some characteristics of virtual machine backup, such as being easy to manage, cost-effective, and storage-friendly, make it essential for protecting sensitive data from ransomware attacks, helping to create unbreakable cloud storage for enterprise data centers and effectively prevent ransomware attacks. The most commonly used VM backup solutions include VMware Backup, XenServer Backup, oVirt Backup and so on.
