CISA releases 3 new ICS advisories on vulnerabilities. They are linked to Advantech iView, AVEVA InTouch Access Anywhere, and Rockwell Automation Logix controllers
The US Cybersecurity & Infrastructure Security Agency (CISA), following the recent escalation of cyber attacks against Industrial Control Systems (ICS), released three advisories on exploitable vulnerabilities. They are linked to Advantech iView, AVEVA InTouch Access Anywhere, and Rockwell Automation Logix controllers. In the first case the flaw is CVE-2022-3323, which could allow an attacker to acquire credentials. In the second it is CVE-2022-23854, which could allow an unauthenticated user to read files on the system. In the last one it is CVE-2022-3752, which could allow an unauthorized user to cause a denial-of-service condition on a targeted device. CISA encouraged users and administrators to review the newly released ICS advisories for technical details and mitigations.