Saturday, May 10, 2025
HomePhishingBrilliant Phishing Attack Targeting Critical Infrastructure and Manufacturing Industries

Brilliant Phishing Attack Targeting Critical Infrastructure and Manufacturing Industries

Published on

SIEM as a Service

Follow Us on Google News

Nowadays attackers targeting users more innovatively through Emails and many other ways. This malware attack particularly targeting power sectors including Nuclear power stations.

Attackers used Malicious Word documents in this attack with a different behavior this time. This attack was identified by Talos intelligence.

There is no malicious code with attachment itself instead of it download file over SMB connection and steals user credentials silently, also it will download some other malicious payloads to infect victim’s computer.

- Advertisement - Google News

Talos says “One objective of this most recent attacks appear to be to harvest credentials of users who work within critical infrastructure and manufacturing industries.”

Attack Flow

They came through various DOCX samples which were delivered as attachments in malicious spam emails.If the victim opens the attachment the document will try to pull down a template and there is a connection over port 80 and with port 445 they captured a handshake failure.

Also Read Innovative Phishing Threat Targeting Facebook Mobile Users

As per their initial analysis, malicious SMB server was used to harvest the victim’s credentials and the connection to external server established over SMB.

Later they confirmed with another related sample with another external server listening on Port 80 but No Templates served.

Brilliant Phishing Attack Targeting Critical Infrastructure

They research further with the entity relationship ID rId133 that found in word/_rels/settings.xml.rels and reached to GitHub page of a phishing tool named Phishery.

They found the same rID in the Phishery source, but Phishery doesn’t rely on SMB, instead, it handles connection over HTTPS.You can refer Talos for Technical analysis.

Talos said “At this time, there is no evidence to confirm any of the three possibilities. However, the attackers’ reliance on a successful SMB session stemming from outbound traffic over TCP 445 further confirms that organizations are still failing to properly block such egress traffic to public hosts.”

Common Defence’s to stay safe

  • Don’t open the attachments that you are not expecting.
  • Patch or Update your software.
  • Use a reputable security suite.
  • Disconnect Internet connection immediately.

Also Read Dangerous Malware detected that is capable of Controlling Electric Power Systems

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Cyberattackers Targeting IT Help Desks for Initial Breach

Cybercriminals are increasingly impersonating IT support personnel and trusted authorities to manipulate victims into...

New Stealthy .NET Malware Hiding Malicious Payloads Within Bitmap Resources

Cybersecurity researchers at Palo Alto Networks' Unit 42 have uncovered a novel obfuscation method...

Hackers Weaponizing Facebook Ads to Deploy Multi-Stage Malware Attacks

A persistent and highly sophisticated malvertising campaign on Facebook has been uncovered by Bitdefender...

Threat Actors Target Job Seekers with Three New Unique Adversaries

Netcraft has uncovered a sharp rise in recruitment scams in 2024, driven by three...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Scattered Spider Malware Targets Klaviyo, HubSpot, and Pure Storage Platforms

Silent Push researchers have identified that the notorious hacker collective Scattered Spider, also known...

Threat Actors Leverage Multimedia Systems in Stealthy Vishing Attacks

Threat actors have begun exploiting multimedia systems as a pivotal component of their voice...

FreeDrain Phishing Attack Targets Users to Steal Financial Login Credentials

PIVOTcon, joint research by Validin and SentinelLABS has exposed FreeDrain, an industrial-scale cryptocurrency phishing...