Feeds

Infected Chinese inventory scanners ships off logistics intel

Malware pops ERP systems, gobbles financial, customer data.

  • alert
  • submit to reddit

Build a business case: developing custom apps

A Chinese manufacturer has been accused of implanting malware that steals supply chain intelligence in its hand-held scanner firmware.

Security firm TrapX says infected scanners have been sold to eight unnamed firms including a large robotics company.

Variants of the malware broke into enterprise resource planning platforms to steal financial, logistical and customer information which was exfiltrated to the unnamed accused Chinese manufacturer located in Shandong province, a block from the Lanxiang Vocational School said to be the headquarters of the Google Aurora attacks.

The manufacturer denied knowledge that its scanners and website-hosted software were infected.

Infected scanners once connected to one firm's wireless network attacked its corporate network via the SMB protocol, morphing to infect using the RADMIN protocol more than nine servers after it was initially blocked by a firewall.

Sixteen of the 48 scanners deployed at the firm were infected, TrapX found, which successfully sought out and compromised host names containing the word finance and siphoning off the logistical and financial data stored within.

Zombie Zero

TrapX

A "comprehensive" command and control link was then established to a bot terminating near Lanxiang before another stealthier connection was made between the hacked financial and a Beijing drop.

"Exfiltration of all financial data and ERP data was achieved, providing the attacker complete situational awareness and visibility into the logistic/shipping company’s worldwide operations," the report Anatomy of the Attack: Zombie Zero (PDF) read.

TrapX suspected the attacks dubbed Zombie Zero were backed by Beijing in a bid to gain intelligence on either logistics firms or their customers.

One of the hacked firms deployed the security company's network of targeted honeypots to capture the attackers' activity which it described as creating security through "deception and interdiction". ®

Next gen security for virtualised datacentres

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?