Feeds

Infected Chinese inventory scanners ships off logistics intel

Malware pops ERP systems, gobbles financial, customer data.

  • alert
  • submit to reddit

The Essential Guide to IT Transformation

A Chinese manufacturer has been accused of implanting malware that steals supply chain intelligence in its hand-held scanner firmware.

Security firm TrapX says infected scanners have been sold to eight unnamed firms including a large robotics company.

Variants of the malware broke into enterprise resource planning platforms to steal financial, logistical and customer information which was exfiltrated to the unnamed accused Chinese manufacturer located in Shandong province, a block from the Lanxiang Vocational School said to be the headquarters of the Google Aurora attacks.

The manufacturer denied knowledge that its scanners and website-hosted software were infected.

Infected scanners once connected to one firm's wireless network attacked its corporate network via the SMB protocol, morphing to infect using the RADMIN protocol more than nine servers after it was initially blocked by a firewall.

Sixteen of the 48 scanners deployed at the firm were infected, TrapX found, which successfully sought out and compromised host names containing the word finance and siphoning off the logistical and financial data stored within.

Zombie Zero

TrapX

A "comprehensive" command and control link was then established to a bot terminating near Lanxiang before another stealthier connection was made between the hacked financial and a Beijing drop.

"Exfiltration of all financial data and ERP data was achieved, providing the attacker complete situational awareness and visibility into the logistic/shipping company’s worldwide operations," the report Anatomy of the Attack: Zombie Zero (PDF) read.

TrapX suspected the attacks dubbed Zombie Zero were backed by Beijing in a bid to gain intelligence on either logistics firms or their customers.

One of the hacked firms deployed the security company's network of targeted honeypots to capture the attackers' activity which it described as creating security through "deception and interdiction". ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
Canada's boffins need A WHOLE YEAR to recover from China hack attack
'State-sponsored actor' breached National Research Council network
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.