“This attack attracted attention due to several, non-standard technical solutions used by the attackers,” said Vyacheslav Kopeytsev, a security expert at Kaspersky. “For instance, the malware module is encoded inside the image using steganography methods, and the image itself is hosted on legitimate web resources. This makes it almost impossible to detect the download of such malware using network traffic monitoring and control tools. From the point of view of technical solutions, such activity does not differ from the usual access given to legitimate image hosting. Coupled with the targeted nature of infections, these techniques indicate the sophisticated and selective nature of these attacks. It is a matter of concern that industrial contractors are among the victims of the attack. If the authentication data of employees of the contractor organization falls into malicious hands, this can lead to many negative consequences, starting with the theft of confidential data and ending with attacks on industrial enterprises through remote administration tools used by the contractor.”