Threat Management

Building automation systems compromised with ProxyLogon exploits

Share

Several Asian entities had their building automation systems attacked by a Chinese advanced persistent threat group linked to Hafnium, another Chinese APT, which leveraged ProxyLogon exploits to infiltrate their networks, reports BleepingComputer. Chinese attackers were discovered by Kaspersky researchers to have commenced the attacks in March 2021 with the use of the ShadowPad backdoor disguised as legitimate software. Other malware and tools, such as the PlugX backdoor, Cobalt Strike framework, credential theft scripts, web shells, and the open-source nextnet network scanner, have been distributed in the campaign presumed to be looking for sensitive data. "We strongly believe that those systems themselves could be a valuable source of highly confidential information. Additionally, we believe there is a chance that they also provide attackers with a backdoor to other, more strictly secured, infrastructure. We believe that it is highly likely that this threat actor will strike again and we will find new victims in different countries," said the report.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.