Threat actors run ZipLine, a social engineering campaign that targets supply-chain-critical manufacturing firms by initiating contact via public Contact Us forms. Attackers build trust over weeks through professional exchanges and fake NDAs before sending a weaponized ZIP containing MixShell, an in-memory malware. Targets include industrial manufacturing, machinery, metalwork, component production, engineered systems, hardware, semiconductors, consumer goods, biotechnology, and pharmaceuticals, with emphasis on U.S.-based entities and additional hits in Singapore, Japan, and Switzerland. Check Point identified overlapping digital certificates linking attack infrastructure to TransferLoader activity associated with UNK_GreenSec. Motives and provenance remain unclear.
Instead of sending unsolicited phishing emails, attackers initiate contact through a company's public 'Contact Us' form, tricking employees into starting the conversation. What follows are weeks of professional, credible exchanges, often sealed with fake NDAs, before delivering a weaponized ZIP file carrying MixShell, a stealthy in-memory malware.
The attacks have cast a wide net, spanning multiple organizations across sectors and geographic locations, but with an emphasis on U.S.-based entities. Primary targets include companies in industrial manufacturing, such as machinery, metalwork, component production, and engineered systems, as well as those related to hardware and semiconductors, consumer goods, biotechnology, and pharmaceuticals. This diverse, yet focused, targeting has raised the possibility that the threat actors behind the campaign are homing in on industry verticals critical to the supply chain.
The campaign's provenance and motives are presently unclear, but Check Point said it identified overlapping digital certificates between an IP address used in the attacks and infrastructure previously identified by Zscaler and Proofpoint as employed in TransferLoader attacks undertaken by a threat cluster referred to as UNK_GreenSec.