Information Security, Malware and Manufacturing

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Security Affairs

APRIL 16, 2025

Attackers infiltrated the supply chain, embedding malware in pre-installed apps. Doctor Web warns that the attackers gained access to the supply chain of a number of Chinese manufacturers of Android-based smartphones. The experts found malware-laced applications pre-installed on the phone. ” continues the report.

Malware

Malware Manufacturing Mobile Spyware

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Security Affairs

MAY 1, 2025

Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6.

Malware

Malware Phishing Telecommunications Antivirus

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

Security Affairs

MAY 18, 2025

The discovery raises fears China may have installed covert malware in critical energy infrastructure across the US and Europe, enabling remote attacks during conflicts. experts who strip down equipment hooked up to grids to check for security issues, the two people said.” ” reported Reuters.

Energy and Utilities

Energy and Utilities Manufacturing Government Hacking

TIDRONE APT targets drone manufacturers in Taiwan

Security Affairs

SEPTEMBER 9, 2024

Trend Micro spotted an allegedly China-linked threat actor, tracked TIDRONE, targeting drone manufacturers in Taiwan. The group, which was previously undocumented, uses enterprise resource planning (ERP) software and remote desktops to deploy advanced malware, including CXCLNT and CLNTEND. ” concludes the report.

Manufacturing

Manufacturing Malware Antivirus Software

BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns

Security Affairs

JUNE 9, 2025

malware has infected millions of IoT devices globally, creating a botnet used for cyber criminal activities, the FBI warns. These compromised devices are used for criminal activity after attackers gain unauthorized access through security flaws. “Most of the infected devices were manufactured in China. ” BADBOX 2.0

IoT

IoT Internet Internet Advertising

Compal, the Taiwanese giant laptop manufacturer hit by ransomware

Security Affairs

NOVEMBER 9, 2020

The Taiwanese electronics manufacture Compal suffered a ransomware attack over the weekend, media blames the DoppelPaymer ransomware gang. It is the second-largest contract laptop manufacturer in the world behind Quanta Computer. Acer, Lenovo, Dell, Toshiba, Hewlett-Packard and Fujitsu. It also licenses brands of its clients.

Manufacturing

Manufacturing Computers and Electronics Ransomware Media

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

The Last Watchdog

MAY 15, 2023

Funso Richard , Information Security Officer at Ensemble , highlighted the gravity of these threats. These include ransomware targeting backend servers, distributed denial of service (DDoS) attacks, destructive malware, and even weaponizing charging stations to deploy malware.

Malware

Malware Manufacturing IoT Software

COVID-19 vaccine manufacturer suffers a data breach

Security Affairs

OCTOBER 26, 2020

Indian COVID-19 vaccine manufacturer Dr. Reddy’s Laboratories was hit with a cyber attack that forced it to shut down its plants in Brazil, India, Russia, the U.K., In response to the security breach, the COVID-19 vaccine manufacturer has isolated all data center services. “In and the U.S. Pierluigi Paganini.

Manufacturing

Manufacturing Data breaches Cyber Attacks Advertising

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

In November 2024, the Akamai Security Intelligence Research Team (SIRT) observed increased activity targeting the URI /cgi-bin/cgi_main.cgi , linked to a Mirai-based malware campaign exploiting an unassigned RCE vulnerability in DVR devices, including DigiEver DS-2105 Pro. ” reads the analysis published by Akamai. in newer ones.

Manufacturing

Manufacturing Malware Firmware IoT

Texas oilfield supplier Newpark Resources suffered a ransomware attack

Security Affairs

NOVEMBER 8, 2024

. “The incident has caused disruptions and limitation of access to certain of the Company’s information systems and business applications supporting aspects of the Company’s operations and corporate functions, including financial and operating reporting systems.” The company will update disclosures if circumstances change.

Ransomware

Ransomware Manufacturing Malware Hacking

Airplane manufacturer Bombardier has disclosed a security breach, data leaked online

Security Affairs

FEBRUARY 24, 2021

Hackers posted data stolen from manufacturer of business jets Bombardier on Clop ransomware leak site following alleged FTA hack. Bombardier pointed out that manufacturing and customer support operations have not been impacted. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Manufacturing

Manufacturing Ransomware Cybercrime Hacking

Sierra Wireless halted production at its manufacturing sites due to ransomware attack

Security Affairs

MARCH 23, 2021

Sierra Wireless is a Canadian multinational wireless communications equipment designer and manufacturer headquartered in Richmond, British Columbia, Canada. Sierra Wireless announced it has halted its production at manufacturing facilities due to the ransomware attack, it is currently working to restart the production “soon.”.

Wireless

Wireless Manufacturing Ransomware Mobile

BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider

Security Affairs

OCTOBER 30, 2022

The BlackByte ransomware group claims to have compromised Asahi Group Holdings, a precision metal manufacturing and metal solution provider. The post BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider appeared first on Security Affairs. Asahi Group Holdings, Ltd.

Manufacturing

Manufacturing Ransomware Hacking Data breaches

Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron

Security Affairs

FEBRUARY 12, 2025

The Sarcoma ransomware group announced a breach of the Taiwanese printed circuit board (PCB) manufacturing giant Unimicron. The Sarcoma ransomware group claims to have breached Taiwanese PCB manufacturer Unimicron, leaked sample files, and threatened a full data release if no ransom is paid by Tuesday, February 20, 2025.

Computers and Electronics

Computers and Electronics Ransomware Manufacturing Data breaches

North Korea-linked APT37 exploited IE zero-day in a recent attack

Security Affairs

OCTOBER 19, 2024

APT37 exploited this flaw to trick victims into downloading malware on their desktops with the toast ad program installed. The hackers targeted organizations in the chemicals, manufacturing, electronics, aerospace, healthcare, and automotive sectors. dll), allowing type confusion to occur.

Internet

Internet Internet Engineering Malware

New ATM Malware family emerged in the threat landscape

Security Affairs

MAY 27, 2024

Experts warn of a new ATM malware family that is advertised in the cybercrime underground, it was developed to target Europe. A threat actor is advertising a new ATM malware family that claims to be able of compromised 99% of devices in Europe. “The malware is fully automated, simplifying its deployment and operation.”

Malware

Malware Banking Advertising Cybercrime

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

JANUARY 12, 2022

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. The malicious code can also act as a first-stage malware. SecurityAffairs – hacking, RedLine malware). This variant uses 207[.]32.217.89 as its C2 server through port 14588. 154.167.91

Malware

Malware Manufacturing Cryptocurrency Cybercrime

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Security Affairs

SEPTEMBER 13, 2024

Researchers uncovered an Android malware, dubbed Vo1d, that has already infected nearly 1.3 Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 Unfortunately, often manufacturers sell older OS versions as newer ones. million Android devices in 197 countries.

Malware

Malware Firmware Antivirus Manufacturing

TinyNuke banking malware targets French organizations

Security Affairs

DECEMBER 13, 2021

The TinyNuke malware is back and now was used in attacks aimed at French users working in manufacturing, technology, construction, and business services. Proofpoint researchers uncovered a campaign exclusively targeting French entities and organizations with operations in France with the banking malware TinyNuke.

Banking

Banking Malware Manufacturing Business Services

Mazda Connect flaws allow to hack some Mazda vehicles

Security Affairs

NOVEMBER 9, 2024

” The research targeted a CMU unit manufactured by Visteon, with software initially developed by Johnson Controls Inc. This quick compromise allows vehicles to be targeted during valet service, ride-sharing, or through USB malware. x) may also be vulnerable. ” concludes the report.

Hacking

Hacking Firmware Software Manufacturing

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The malicious code specifically targets QNAP NAS devices manufactured by Taiwanese company QNAP, it already infected over 62,000 QNAP NAS devices.

Malware

Malware Firmware Advertising Manufacturing

Pre-Installed malware spotted on other Android phones sold in US

Security Affairs

JULY 9, 2020

Researchers from Malwarebytes have found yet another phone with pre-installed malware via the Lifeline Assistance program sold in the United States. Researchers at Malwarebytes have found malware pre-installed on smartphones sold in the United States, this is the second time as documented in a report published in January.

Malware

Malware Wireless Mobile Advertising

XE Group shifts from credit card skimming to exploiting zero-days

Security Affairs

FEBRUARY 10, 2025

. “XE Group transitioned from credit card skimming to targeted information theft, marking a significant shift in their operational priorities.Their attacks now target supply chains in the manufacturing and distribution sectors, leveraging new vulnerabilities and advanced tactics.”

Manufacturing

Manufacturing Cybercrime Authentication Passwords

Joker malware infected 538,000 Huawei Android devices

Security Affairs

APRIL 11, 2021

More than 500,000 Huawei users have been infected with the Joker malware after downloading apps from the company’s official Android store. More than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store. ” reads the post published by Dr. Web.

Malware

Malware Spyware Mobile Antivirus

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

Security Affairs

JULY 1, 2023

The LockBit ransomware gang claims to have hacked Taiwan Semiconductor Manufacturing Company (TSMC). The LockBit ransomware group this week claimed to have hacked the Taiwan Semiconductor Manufacturing Company ( TSMC ) and $70 million ransom. In August 2018, a malware infected systems at several Taiwan Semiconductor Manufacturing Co.

Manufacturing

Manufacturing Ransomware Hacking Technology

New PumaBot targets Linux IoT surveillance devices

Security Affairs

MAY 28, 2025

PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine crypto. Darktrace researchers discovered a new botnet called PumaBot targets Linux-based IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine cryptocurrency. ” states the report.

Surveillance

Surveillance IoT Malware Manufacturing

Rhysida Ransomware gang claims the hack of the Government of Peru

Security Affairs

MAY 3, 2025

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. According to the gangs Tor leak site, at least 182 companies are victims of the operation. The victims of the group are targets of opportunity.

Government

Government Ransomware Hacking Manufacturing

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

VPN

VPN Government Malware Manufacturing

Malware found pre-installed in cheap push-button mobile phones sold in Russia

Security Affairs

SEPTEMBER 6, 2021

Security researcher ValdikSS found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores. A Russian security researcher that goes online with the name of ValdikSS has found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores.

Mobile

Mobile Malware Firmware Manufacturing

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

Security Affairs

SEPTEMBER 2, 2022

Researchers attribute the Raspberry Robin malware to the Russian cybercrime group known as Evil Corp group. IBM Security X-Force researchers discovered similarities between a component used in the Raspberry Robin malware and a Dridex malware loader, which was part of the malicious operations of the cybercrime gang Evil Corp.

Cybercrime

Cybercrime Malware Backups Manufacturing

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Security Affairs

DECEMBER 12, 2023

Cisco Talos researchers tracked the campaign as Operation Blacksmith, the nation-state actors are employing at least three new DLang -based malware families. Two of these malware strains are remote access trojans (RATs), respectively tracked as NineRAT and “DLRAT” The former relies on Telegram bots and channels for C2 communications.

Malware

Malware Data collection Manufacturing Healthcare

Microsoft experts linked the Raspberry Robin malware to Evil Corp operation

Security Affairs

JULY 29, 2022

Microsoft linked the recently discovered Raspberry Robin Windows malware to the notorious Evil Corp operation. On July 26, 2022, Microsoft researchers discovered that the FakeUpdates malware was being distributed via Raspberry Robin malware. The malware uses TOR exit nodes as a backup C2 infrastructure.

Malware

Malware Backups Manufacturing Technology

BootKitty Linux UEFI bootkit spotted exploiting LogoFAIL flaws

Security Affairs

DECEMBER 3, 2024

The authors signed Bootkitty with a self-signed certificate, thus the malware cannot run on systems with UEFI Secure Boot enabled unless the attackers’ certificates have been installed. Bootkitty bypasses UEFI Secure Boot by patching integrity verification functions in memory, allowing seamless Linux kernel booting.

Firmware

Firmware Manufacturing Malware Authentication

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

Ransomware attackers often spend weeks or months inside of a target’s network before attempting to deploy malware across the network that encrypts servers and desktop systems unless and until a ransom demand is met. In some cases, this allows the intruders to profit even if their malware somehow fails to do its job.

Hacking

Hacking Ransomware Banking Accountability

How to implant a malware in hidden area of SSDs with Flex Capacity feature

Security Affairs

DECEMBER 31, 2021

Researchers devised a series of attacks against SSDs that could allow to implant malware in a location that is not monitored by security solutions. Korean researchers devised a series of attacks against solid-state drives (SSDs) that could allow to implant malware in specific memory locations bypassing security solutions.

Malware

Malware Firmware Manufacturing Media

New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?

Security Affairs

MARCH 12, 2025

“The botnet exploits this vulnerability by injecting a payload that downloads and executes a cleartext shell dropper named dropbpb.sh, responsible for downloading the malware binaries and executing them on the compromised device.” 70) via HTTP on port 81. It processes encrypted data over a RAW socket, limiting further analysis.

IoT

IoT Malware Encryption DDOS

China-linked APT group MirrorFace targets Japan

Security Affairs

JANUARY 10, 2025

Campaign A (20192023): Used emails with malware attachments (LODEINFO) to target politicians, media, and government. Campaign B (2023): Exploited software vulnerabilities in networking devices, focusing on semiconductor, manufacturing, and aerospace sectors. Stay updated on network device vulnerabilities and apply patches promptly.

Antivirus

Antivirus Malware System Administration Technology

Xenomorph malware is back after months of hiatus and expands the list of targets

Security Affairs

SEPTEMBER 26, 2023

A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading Xenomorph malware to Android users in the United States and all over the world. that was significantly improved. ” concludes the report.

Malware

Malware Banking Phishing Engineering

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro banking malware campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain. ” reads the post published by Zscaler. Pierluigi Paganini.

Banking

Banking Malware Antivirus Phishing

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

Security Affairs

JANUARY 26, 2023

The company is a globally recognised industrial explosives manufacturer, it provides complete blasting solutions, including packaged, bulk explosives and initiating systems to meet its customer needs across the globe. .” The BlackCat Ransomware gang added SOLAR INDUSTRIES INDIA to the list of victims published on its Tor leak site.

Manufacturing

Manufacturing Ransomware Engineering Hacking

Ransomware attack hit Indian multinational Tata Technologies

Security Affairs

FEBRUARY 1, 2025

The company, which is engaged in product engineering, provides services to automotive and aerospace original equipment manufacturers as well as industrial machinery companies. Indian multinational Tata Technologies , a Tata Motors subsidiary, suspended some IT services following a ransomware attack.

Technology

Technology Ransomware Engineering Manufacturing

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

Security Affairs

OCTOBER 1, 2024

North Korea-linked APT Kimsuky has been linked to a cyberattack on Diehl Defence, a German manufacturer of advanced military systems. KG is a German weapon manufacturer headquartered in Überlingen. By clicking on a malicious PDF, victims would unknowingly download malware, allowing the hackers to spy on their systems.”

Manufacturing

Manufacturing Hacking Cyber Attacks Malware

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

Security Affairs

FEBRUARY 11, 2025

“They allegedly used the Phobos malware to encrypt information on the networks, blocking the companies from accessing the data unless a ransom was paid and a decryption key was provided by the gang. ” reported the website Nation Thailand.

Ransomware

Ransomware Encryption Backups Malware

Japanese tech firm Oomiya hit by LockBit 3.0. Multiple supply chains potentially impacted

Security Affairs

OCTOBER 17, 2022

Oomiya is focused on designing and manufacturing microelectronics and facility system equipment. The business of Omiya Kasei is divided into four major areas, manufacturing and designing chemical and industrial products, designing electronic materials, pharmaceutical development, and factory manufacturing.

Manufacturing

Manufacturing Ransomware Healthcare Marketing

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Trending Sources

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

TIDRONE APT targets drone manufacturers in Taiwan

BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns

Compal, the Taiwanese giant laptop manufacturer hit by ransomware

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

COVID-19 vaccine manufacturer suffers a data breach

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Texas oilfield supplier Newpark Resources suffered a ransomware attack

Airplane manufacturer Bombardier has disclosed a security breach, data leaked online

Sierra Wireless halted production at its manufacturing sites due to ransomware attack

BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider

Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron

North Korea-linked APT37 exploited IE zero-day in a recent attack

New ATM Malware family emerged in the threat landscape

New RedLine malware version distributed as fake Omicron stat counter

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

TinyNuke banking malware targets French organizations

Mazda Connect flaws allow to hack some Mazda vehicles

QSnatch malware infected over 62,000 QNAP NAS Devices

Pre-Installed malware spotted on other Android phones sold in US

XE Group shifts from credit card skimming to exploiting zero-days

Joker malware infected 538,000 Huawei Android devices

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

New PumaBot targets Linux IoT surveillance devices

Rhysida Ransomware gang claims the hack of the Government of Peru

China’s Volt Typhoon botnet has re-emerged

Malware found pre-installed in cheap push-button mobile phones sold in Russia

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Microsoft experts linked the Raspberry Robin malware to Evil Corp operation

BootKitty Linux UEFI bootkit spotted exploiting LogoFAIL flaws

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

How to implant a malware in hidden area of SSDs with Flex Capacity feature

New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?

China-linked APT group MirrorFace targets Japan

Xenomorph malware is back after months of hiatus and expands the list of targets

Grandoreiro banking malware targets Mexico and Spain

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

Ransomware attack hit Indian multinational Tata Technologies

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

Japanese tech firm Oomiya hit by LockBit 3.0. Multiple supply chains potentially impacted

Stay Connected