Attackers Hired for Industrial Espionage - ThreatWire

By Shannon Morse, ThreatWire 

Bitdefender’s Cyber Threat Intelligence Lab released a report last week detailing evidence of an industrial espionage campaign using APT hackers for hire. According to the report, they were targeting an international architectural and video production company, but the company name was kept anonymous. The attackers were able to infiltrate the company using an infected plugin for Autodesk 3ds Max, software that is used for professional 3D computer graphics, animation, modeling, and more.

This is unique because these kinds of cybercriminal groups usually work on their own for financial gain; they are very rarely hired to attack specific targets. The researchers found that the malicious payloads and command and control infrastructure for this attack were based in South Korea.

Autodesk had published an advisory on the 10th regarding an exploit in the same software, which turned out to be the exploit used for this attack. Bitdefender reports that this plugin exploit includes a DLL file that can download additional binaries from the command and control server, with the end goal of stealing documents.

But that’s not all! The malware can also capture screenshots and passwords from browsers, upload specific types of files, and collect data about the machine, all the while evading detection. While the report details a specific targeted attack, the researchers did find evidence of other similar attacks against other targets that used similar malware, all within the past month.  

Luckily, Autodesk has a patch, so Bitdefender recommends users update to version 2021-2015SP1. Even though the target wasn’t named, Bitdefender did explain this was a real-estate industry company, and suggests that the attackers were hired by a competitor.

Links:

View the full episode on YouTube: https://youtu.be/iqXzE9IOF-c


Links:

Autodesk vulnerability targeted in industrial espionage campaign

https://www.bitdefender.com/files/News/CaseStudies/study/365/Bitdefender-PR-Whitepaper-APTHackers-creat4740-en-EN-GenericUse.pdf

https://threatpost.com/hackers-exploit-autodesk-flaw-in-recent-cyberespionage-attack/158669/

https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0005

https://thehackernews.com/2020/08/autodesk-malware-attack.html

https://www.cyberscoop.com/autodesk-plugin-bitdefender-real-estate-hack/

