North American transport and logistics firms have been subjected to intrusions deploying several information-stealing malware payloads and remote access trojans as part of a phishing campaign that began in May, reports The Hacker News.
Attacks conducted until July delivered phishing messages carrying malicious shortcut attachments or Google Drive URLs, mainly to distribute the Lumma Stealer, NetSupport, and StealC payloads, according to a Proofpoint analysis. In some attacks that commenced last month, however, the threat actors moved to the ClickFix technique and spoofed the AMB Logistic, Astra TMS, and Samsara transport and fleet operations management software to spread the DanaBot malware. "The specific targeting and compromises of organizations within transportation and logistics, as well as the use of lures that impersonate software specifically designed for freight operations and fleet management, indicates that the actor likely conducts research into the targeted company's operations before sending campaigns," said Proofpoint researchers.