Thursday, May 29, 2025
HomePhishingBrilliant Phishing Attack Targeting Critical Infrastructure and Manufacturing Industries

Brilliant Phishing Attack Targeting Critical Infrastructure and Manufacturing Industries

Published on

SIEM as a Service

Follow Us on Google News

Nowadays attackers targeting users more innovatively through Emails and many other ways. This malware attack particularly targeting power sectors including Nuclear power stations.

Attackers used Malicious Word documents in this attack with a different behavior this time. This attack was identified by Talos intelligence.

There is no malicious code with attachment itself instead of it download file over SMB connection and steals user credentials silently, also it will download some other malicious payloads to infect victim’s computer.

- Advertisement - Google News

Talos says “One objective of this most recent attacks appear to be to harvest credentials of users who work within critical infrastructure and manufacturing industries.”

Attack Flow

They came through various DOCX samples which were delivered as attachments in malicious spam emails.If the victim opens the attachment the document will try to pull down a template and there is a connection over port 80 and with port 445 they captured a handshake failure.

Also Read Innovative Phishing Threat Targeting Facebook Mobile Users

As per their initial analysis, malicious SMB server was used to harvest the victim’s credentials and the connection to external server established over SMB.

Later they confirmed with another related sample with another external server listening on Port 80 but No Templates served.

Brilliant Phishing Attack Targeting Critical Infrastructure

They research further with the entity relationship ID rId133 that found in word/_rels/settings.xml.rels and reached to GitHub page of a phishing tool named Phishery.

They found the same rID in the Phishery source, but Phishery doesn’t rely on SMB, instead, it handles connection over HTTPS.You can refer Talos for Technical analysis.

Talos said “At this time, there is no evidence to confirm any of the three possibilities. However, the attackers’ reliance on a successful SMB session stemming from outbound traffic over TCP 445 further confirms that organizations are still failing to properly block such egress traffic to public hosts.”

Common Defence’s to stay safe

  • Don’t open the attachments that you are not expecting.
  • Patch or Update your software.
  • Use a reputable security suite.
  • Disconnect Internet connection immediately.

Also Read Dangerous Malware detected that is capable of Controlling Electric Power Systems

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Zanubis Android Malware Harvests Banking Credentials and Executes Remote Commands

The Zanubis Android banking Trojan has evolved into a highly sophisticated threat, initially targeting...

Cybercriminals Are Turning Ordinary Citizens Into Money Mules in a New ‘Rent-a-Bank-Account’ Scam

Cybercriminals are exploiting vulnerable individuals by transforming them into unwitting money mules through a...

Worldwide Operation Shuts Down Hundreds of Ransomware Servers and Domains, Ending Key Attack Infrastructure

Law enforcement and judicial officials, working together with Europol and Eurojust, have dealt a...

Apple Blocked 2 million Malicious App & $9 Billion in Fraudulent Transactions

Apple has strengthened the App Store as a bulwark of confidence, a remarkable testament...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

SilentWerewolf Attack Combines Legitimate Tools with Code Obfuscation for Stealthy Infiltration

The threat actor dubbed SilentWerewolf has employed advanced phishing techniques to infiltrate organizations in...

Fake DigiYatra Apps Target Indian Users to Steal Financial Data

Threat actors have been exploiting the trust in India's digital public infrastructure by setting...

Cybercriminals Using Trusted Google Domains to Spread Malicious Code

A sophisticated new malvertising scheme has emerged, transforming trusted e-commerce websites into phishing traps...