One zip attachment contains an ISO image holding an EXE: the malware. The other is a PDF that downloads a zip containing an EXE: the same malware. The stolen data is exfiltrated via SMTP.
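A mail-gateway check for the attachment chain described above (zip, containing an ISO image, containing an executable), as an added example that is not part of the original page. The scanner, the sample attachment and the finding labels are constructed here for illustration: it identifies an ISO 9660 image by the `CD001` signature at offset 0x8001, a PE executable by its `MZ` header, and looks for an embedded PE stub inside the raw ISO bytes as a heuristic rather than a full ISO parser.

```python
import io
import zipfile

ISO_MAGIC_OFFSET = 0x8001       # ISO 9660 primary volume descriptor starts at sector 16 + 1 byte
ISO_MAGIC = b"CD001"
PE_MAGIC = b"MZ"
DOS_STUB_TEXT = b"This program cannot be run in DOS mode"  # present in nearly all PE files


def is_iso_image(data: bytes) -> bool:
    """True if the blob carries the ISO 9660 volume descriptor identifier."""
    return data[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + len(ISO_MAGIC)] == ISO_MAGIC


def is_pe_executable(data: bytes) -> bool:
    """True if the blob starts with the MZ header of a Windows executable."""
    return data[:2] == PE_MAGIC


def scan_zip_attachment(zip_bytes: bytes) -> list:
    """Walk a zip attachment and return (finding, member_path) tuples.

    Findings: 'iso_image' for a member that is an ISO image, 'exe_inside_iso'
    when a PE stub is visible inside that image, 'pe_executable' for a bare
    EXE member. Nested zips are recursed into with a path prefix.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            if is_iso_image(data):
                findings.append(("iso_image", info.filename))
                # Heuristic: an MZ header followed by the DOS stub text inside the
                # raw image is strong evidence of a packaged executable.
                mz_at = data.find(PE_MAGIC)
                if mz_at != -1 and data.find(DOS_STUB_TEXT, mz_at) != -1:
                    findings.append(("exe_inside_iso", info.filename))
            elif is_pe_executable(data):
                findings.append(("pe_executable", info.filename))
            elif info.filename.lower().endswith(".zip"):
                for kind, name in scan_zip_attachment(data):
                    findings.append((kind, f"{info.filename}/{name}"))
    return findings


def verdict(findings: list) -> str:
    """Policy decision: any container-wrapped or bare executable is blocked."""
    return "block" if findings else "allow"


# --- Constructed sample data (not a real malware sample) -------------------

def build_fake_pe() -> bytes:
    """A minimal MZ header plus DOS stub text, enough to trigger the checks."""
    return PE_MAGIC + b"\x90" * 62 + DOS_STUB_TEXT + b"\x00" * 16


def build_fake_iso() -> bytes:
    """A blob with the ISO 9660 signature and a fake PE stub placed inside it."""
    image = bytearray(0x9000)
    image[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + len(ISO_MAGIC)] = ISO_MAGIC
    stub = build_fake_pe()
    image[0x8800:0x8800 + len(stub)] = stub
    return bytes(image)


def build_sample_attachment() -> bytes:
    """A constructed zip: an ISO carrying an EXE, a harmless text file, and a
    nested zip carrying a bare EXE."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("update.exe", build_fake_pe())
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("invoice.iso", build_fake_iso())
        zf.writestr("notes.txt", b"nothing to see here")
        zf.writestr("extra.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    found = scan_zip_attachment(build_sample_attachment())
    for kind, path in found:
        print(f"{kind:16} {path}")
    print("verdict:", verdict(found))
```

The ISO check reads only the descriptor signature, so an attacker-renamed `.img` or `.iso` file is caught by content rather than extension; the in-image PE search is deliberately cheap and would be replaced by a real ISO 9660 directory walk in a production gateway.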
Cybercrime: some APTs can fully access ICS / SCADA devices
DoE, CISA, NSA and FBI cybersecurity experts warn that the actors have developed custom tools that attack Schneider Electric and OMRON Sysmac NEX PLCs, and OPC-UA servers.
Some Advanced Persistent Threat (APT) actors have the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices. The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have jointly warned of this activity. Devices at risk include Schneider Electric and OMRON Sysmac NEX programmable logic controllers (PLCs), and Open Platform Communications Unified Architecture (OPC UA) servers. The threat actors developed custom-made tools for targeting ICS/SCADA devices. These tools enable them to scan for, compromise, and control affected devices once they have established initial access to the OT network. Additionally, they can compromise Windows-based engineering workstations, using an exploit against an ASRock motherboard driver with known vulnerabilities. By compromising and maintaining full system access to ICS/SCADA devices, the APT actors could elevate privileges, move laterally within an OT environment, and disrupt critical devices or functions.