Attackers have sought to compromise entities involved in manufacturing machinery, semiconductors, pharmaceuticals, biotechnology, and consumer goods.
U.S.-based, supply-chain-critical manufacturing organisations have been the primary targets of the MixShell in-memory malware, delivered as part of the sophisticated ZipLine social engineering campaign.
According to research from Check Point, attackers have also sought to compromise entities in Switzerland, Japan, and Singapore that are involved in manufacturing machinery, semiconductors, pharmaceuticals, biotechnology, and consumer goods.
Attacks begin with the abuse of targeted firms' public 'Contact Us' forms, which the attackers use to draw employees into weeks-long correspondence, including the exchange of non-disclosure agreements, before delivering malicious ZIP files. Each ZIP archive contains a Windows LNK (shortcut) file that starts the chain leading to deployment of the MixShell payload, which provides remote command execution, reverse proxying and persistence, and serves as a foothold for further network compromise.
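A defender-side check for the delivery stage described above, added here as an example and not code from the article or from Check Point's research: it opens a ZIP archive in memory and flags Windows LNK files both by extension and by the LNK file signature (a header size of 0x4C followed by the LinkCLSID 00021401-0000-0000-C000-000000000046), so a shortcut renamed to look like a document is still caught, and it descends into nested ZIPs. The archive contents and entry names below are constructed for the example.

```python
import io
import zipfile
from typing import Dict, List

# A Windows shell link (.lnk) starts with HeaderSize = 0x0000004C followed by
# the LinkCLSID {00021401-0000-0000-C000-000000000046} as a little-endian GUID.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "0000" "0000" "c000000000000046")


def is_lnk_content(head: bytes) -> bool:
    """True if the first 20 bytes match the shell link header signature."""
    return head[: len(LNK_MAGIC)] == LNK_MAGIC


def find_lnk_entries(zip_bytes: bytes, path_prefix: str = "") -> List[Dict]:
    """Return one finding per LNK-like entry, checking name and content.

    Nested ZIP archives are unpacked in memory and scanned too, because
    an archive-inside-an-archive is a common way to evade a shallow scan.
    """
    findings: List[Dict] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            full_name = path_prefix + info.filename
            lower = info.filename.lower()
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            if lower.endswith(".zip") or head[:2] == b"PK":
                # Recurse into an inner archive rather than trusting its name.
                inner = zf.read(info)
                try:
                    findings.extend(find_lnk_entries(inner, full_name + "/"))
                    continue
                except zipfile.BadZipFile:
                    pass  # not really a ZIP; fall through to the LNK checks
            by_ext = lower.endswith(".lnk")
            by_magic = is_lnk_content(head)
            if by_ext or by_magic:
                findings.append(
                    {
                        "name": full_name,
                        "by_ext": by_ext,
                        "by_magic": by_magic,
                        "size": info.file_size,
                    }
                )
    return findings


def _fake_lnk(payload_len: int = 64) -> bytes:
    """Constructed stand-in for a shortcut file: valid signature, dummy body."""
    return LNK_MAGIC + b"\x00" * payload_len


def build_sample_zip() -> bytes:
    """Constructed archive modelled on the delivery stage: a benign text file,
    an obvious .lnk, a shortcut disguised as a PDF, and a nested ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "Please review the attached documents.\n")
        zf.writestr("NDA_document.pdf.lnk", _fake_lnk())
        zf.writestr("contract.pdf", _fake_lnk())  # wrong extension, real LNK bytes
        inner = io.BytesIO()
        with zipfile.ZipFile(inner, "w") as izf:
            izf.writestr("terms.lnk", _fake_lnk())
        zf.writestr("attachments.zip", inner.getvalue())
    return buf.getvalue()


def build_clean_zip() -> bytes:
    """Constructed archive with no shortcut files, for a negative check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "nothing to see here\n")
        zf.writestr("report.pdf", b"%PDF-1.4\n%constructed placeholder\n")
    return buf.getvalue()


if __name__ == "__main__":
    for hit in find_lnk_entries(build_sample_zip()):
        print(f"LNK found: {hit['name']} (ext={hit['by_ext']}, magic={hit['by_magic']})")
```

The name check alone would miss the renamed shortcut, and the signature check alone would miss a damaged or truncated shortcut that Explorer might still open, so a mail gateway or sandbox rule should keep both; the same two-signal approach extends to other container formats the campaign could switch to.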
"The ZipLine campaign is a wake-up call for every business that believes phishing is just about suspicious links in emails. Attackers are innovating faster than ever – blending human psychology, trusted communication channels, and timely AI-themed lures," said Check Point Research threat intelligence group manager Sergey Shykevich, who recommended the adoption of AI-powered security systems and increased vigilance against possible threats.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.