The infection uses a Lemon_Duck PowerShell malware variant to exploit vulnerabilities in embedded devices at manufacturing sites.
"A new malware campaign built to exploit flaws in connected devices is targeting manufacturers around the world and affecting products from smart printers to heavy operational equipment.
Researchers at TrapX Labs first saw this attack targeting Latin American manufacturers in October 2019. Since then, it has continued to expand, with a peak in December and ongoing growth this year in regions including North America, Africa, and the Middle East, says TrapX CEO Ori Bach.
"Given the nature of the attack, it makes sense to make it global," Bach explains. "The attacker wants to cover as much real estate as possible."
This attack campaign uses a self-spreading downloader that runs malicious scripts as part of the Lemon_Duck PowerShell malware family. The threat exploits vulnerabilities in Windows 7 embedded devices and specifically targets manufacturing sites, where infected devices can possibly malfunction and pose risks to employee safety, supply chain disruption, and data loss."