Kaspersky, the Russian originated Cybersecurity firm has discovered in its latest studies that cyber crooks are targeting Industrial Control Systems (ICS) operating in Asia and targeting companies operating in logistics, transportation, telecom and airlines sectors operating in Afghanistan, India, Pakistan and Malaysian regions.
Researchers from the security firm state they detected the said cyber threat in Oct’21 and found that the hackers were infiltrating the industrial control systems through a Microsoft Exchange Vulnerability.
However, the researchers traced out victims by March 2021 and confirmed that such attacks were leading to the deployment of ShadowPad backdoors that could lead to information theft and espionage.
The anti-malware firm is linking the attackers to a Chinese group of Threat Actors and confirmed that the threat actors have interests in targeting SMBs from Asian countries as often such companies do not have enough resources to tackle such attacks.
NOTE 1- A ICS is an instrumentation of a digital control system in industries that are into the process of chemicals, pulp, paper production, power generation, water supply and oil and gas processing, along with telecommunication.
NOTE 2– A malware is a type of malicious software developed to spy, conduct surveillance, exfiltrate data, or to disrupt the operations of computers or digitized infrastructure.
NOTE 3– According to an analysis made by SecureWorks in February 2022, ShadowPad malware was being deployed by a Chinese hacking gang titled Bronze Atlas Threat group and has been in operation since 2017. SecureWorks Counter Threat Unit has confirmed that the group of said threat actors is being funded by the Chinese Ministry of State Security, a civilian intelligence agency and the People’s Liberation Army.