Attackers have been using malicious PowerShell scrips in images to steal industrial sector employee credentials in a highly targeted campaign. The technique, steganography, uses public hosting imaging services to evade network traffic scanners and other tools that would potentially flag the malicious image. There have been victims identified in multiple countries such as Japan, the UK, Germany, and Italy, with organizations producing software solutions, supplying equipment, and industrial enterprises targeted.
According to cybersecurity experts, the operators behind the attacks have adapted to the geographic diversity of the targets by creating messages in the language specific to each victim, and the malware used in the attacks carried its tasks on systems matching the location of the email.
Read More: Highly-targeted attacks on industrial sector hide payload in images