Tag Archive for: Logistics

New Python Variant of Chaes Malware Targets Banking and Logistics Industries


Sep 05, 2023 | THN | Cyber Threat / Malware

Banking and logistics industries are under the onslaught of a reworked variant of a malware called Chaes.

“It has undergone major overhauls: from being rewritten entirely in Python, which resulted in lower detection rates by traditional defense systems, to a comprehensive redesign and an enhanced communication protocol,” Morphisec said in a new detailed technical write-up shared with The Hacker News.

Chaes, which first emerged in 2020, is known to target e-commerce customers in Latin America, particularly Brazil, to steal sensitive financial information.

A subsequent analysis from Avast in early 2022 found that the threat actors behind the operation, who call themselves Lucifer, had breached more than 800 WordPress websites to deliver Chaes to users of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago.

Further updates were detected in December 2022, when Brazilian cybersecurity company Tempest Security Intelligence uncovered the malware’s use of Windows Management Instrumentation (WMI) in its infection chain to facilitate the collection of system metadata, such as BIOS, processor, disk size, and memory information.

The latest iteration of the malware, dubbed Chae$ 4 in reference to debug log messages present in the source code, packs in “significant transformations and enhancements,” including an expanded catalog of services targeted for credential theft as well as clipper functionalities.

Despite the changes in the malware architecture, the overall delivery mechanism has remained the same in attacks that were identified in January 2023.

Potential victims landing on one of the compromised websites are greeted by a pop-up message asking them to download an installer for Java Runtime or an antivirus solution, triggering the deployment of a malicious MSI file that, in turn, launches a primary orchestrator module known as ChaesCore.

The component is responsible for establishing a communication channel with the command-and-control (C2) server from where it fetches additional modules that support post-compromise activity and data theft –

  • Init, which gathers extensive information about the system
  • Online, which…

Source…

AITX’s Subsidiary Robotic Assistance Devices Receives Multiple ROAMEO and ROSA Order from Leading Global Logistics Company


Artificial Intelligence Technology Solutions, Inc.

Robotic Assistance Devices

Illustration of 2 RAD ROAMEOs and 3 RAD ROSA 3.0 devices in simulated autonomous response mode. RAD has received an order for 2 ROAMEOs and 3 ROSA devices from a large global logistics company.

Detroit, Michigan, April 19, 2022 (GLOBE NEWSWIRE) — Artificial Intelligence Technology Solutions, Inc., (OTCPK:AITX), today announced that its wholly owned subsidiary Robotic Assistance Devices, Inc. (RAD) has received an order for 2 ROAMEO and 3 ROSA security robots from a top ranked global logistics company. Although not named due to confidentiality agreements, the Company indicated that the end-user is a global leader in supply chain management & third-party logistics.

The Company did confirm that the 2 ROAMEO mobile security robots are expected to be deployed in May or June at two of the client’s logistics centers. “This single, multiple unit order is such a tremendous opportunity to us to showcase the power of the RAD Ecosystem,” said Steve Reinharz, CEO of AITX. “At one location, the 3 stationary ROSAs and one mobile ROAMEO will be communicating and coordinating the facility’s security. The ROSA units will be able to dispatch ROAMEO to specific coordinate immediately upon their detection of a suspicious incident,” Reinharz continued.

“This is the world’s first deployment that we’re aware of where a stationary robot ‘calls’ a mobile robot to be the first responder,” said Mark Folmer, RAD President. “We expect this type of autonomous and automated security to become the de facto standard as it’s simply impossible for every organization that wants security officers to find, keep and afford them.”

The Company also confirmed that the previously announced ROAMEO and ROSA order from one of the nation’s largest vehicle retailers will be deployed on April 25. “It is such an exciting time right now with ROAMEO, ROSA and all other RAD solutions being deployed, and taking their positions at our clients’ facilities,” Reinharz concluded.

RAD’s parent company AITX intends to file for listing on the OTCQB within 10 days of filing its YE2022 10-K.

ROAMEO is a mobile security robot that is…

Source…

Hackers expose Hyundai logistics data after apparent ransomware attack


Hackers leaked data related to Hyundai Motor America’s logistics operations on Monday and claimed responsibility for an apparent ransomware attack targeting the automaker and subsidiary Kia Motors America. 

Files posted by the DoppelPaymer ransomware gang contain information about Hyundai Glovis, the automaker’s global logistics firm, as well as documents related to a trucking partner, in addition to other data.   

Hyundai Motor America acknowledged that it had experienced an “IT outage,” but would not confirm that it had been targeted in a ransomware attack.

“Last week, Hyundai Motor America experienced an IT outage affecting a limited number of customer-facing systems and the majority of those systems are now back online,” the company said in a statement. “We would like to thank our customers for their continued patience. At this time, we can confirm that we have no evidence of Hyundai Motor America or its data being subject to a ransomware attack.”

The data leak came in the aftermath of an IT disruption that hit Kia Motors America more than a week ago. Bleeping Computer reported that Kia had been targeted by a ransomware attack by DoppelPaymer and was seeking $20 million in payment. 

Brett Callow, a threat analyst with the security software firm Emsisoft, said the attack on Hyundai America could have led to attempts by DoppelPaymer to target any business partnerships.

DoppelPaymer is among a cohort of ransomware gangs that engage in double extortion tactics. Attackers seek to disrupt operations, locking out companies from their data, as well as stealing it. Companies that refuse to pay ransoms can face public disclosure on leak sites. 

Click for more FreightWaves articles by Nate Tabak

Source…

Cyber Daily: Covid-19 Vaccine Logistics Chain Is Ripe Target for Hacking, Physical Intrusion


Good day. Pharmaceutical firms and their logistics partners are on alert for hacking and physical infiltration that would disrupt supplies of Covid-19 vaccines as they become available. European police group Interpol, the U.S. Cybersecurity and Infrastructure Security Agency and cybersecurity researchers are warning that would-be thieves and bad actors are targeting the supply chain for the crucial shots.

Other news: Amazon workplace monitoring tool raises privacy concerns; U.S. national cybersecurity director closer to reality; and U.S., Estonia teamed up against Russian cyber threats.

Weekend reading: Twitter case in Ireland close to final ruling; Unilever works to secure factories; pandemic accelerated cyber awareness at Mastercard, Rockwell Automation; EU wants car companies to share data; and companies urged to get real about cyber job requirements.

Hacking the Covid-19 Supply Chain

Covid-19 Vaccines Are ‘Liquid Gold’ to Organized Crime, Interpol Says. Criminal gangs likely will attempt to get their hands on the new Covid-19 vaccines, international police organization Interpol warned. Pharmaceutical firms and their logistics partners are on alert for hacking and physical infiltration that would disrupt supplies of the crucial shots as they become available, The Wall Street Journal reports.

Interpol issued a global orange notice—which it describes as a serious and imminent threat to public safety—to its 194 members, calling the vaccines “liquid gold.” It warned that counterfeit vaccines or fake coronavirus tests could become a growing problem as international travel gradually resumes in the months to come. Interpol issued the warning after the U.K. became the first country to grant emergency-use authorization for a vaccine. Developed by Pfizer Inc. and BioNTech SE, the rollout could start next week.

Separately,

Source…