July 10, 2017 by

Hackers Find a New Way to Attack Nuclear Plants: Template Injection

Hackers have combined phishing, a long-successful method of executing cyberattacks, with a template file fetched over an SMB connection to discreetly harvest the victim’s credentials.

Security researchers at Talos Intelligence have pointed to a new form of email-based attack that is increasingly targeting the energy sector, including nuclear power plants.

While phishing attacks typically rely on malicious Word documents that carry a script or a macro as the malicious code, the new attack vector targeting critical infrastructure takes a different route.

Researchers wrote:

The attachment instead tries to download a template file over an SMB connection so that the user’s credentials can be silently harvested. In addition, this template file could also potentially be used to download other malicious payloads to the victim’s computer.

These attacks use emails relevant to the targets as a lure, like any effective phishing campaign. Researchers point to an environmental report or a resume sent as an attached Word document that seeks to harvest data when opened. Initially, there were no indicators of compromise and no malicious macro. However, researchers soon discovered that the document contained instructions for a template injection, establishing a connection to an external rogue server over SMB.

The attack is performed with an SMB exploit while the phishing is handled over HTTPS. In this campaign, user credentials are harvested through a Basic Authentication prompt for credentials.
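The template-injection document described above carries no macro; the malicious part is a relationship in the document package that tells Word where to fetch its attached template. The following added example (not from the article or from Talos) inspects a .docx for an external attachedTemplate target and flags UNC (\\host\share) or file: locations, which cause Windows to authenticate to the host over SMB; the sample document and the TEST-NET address in it are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Word resolves the attached template from this relationships part when the file is opened.
RELS_PART = "word/_rels/settings.xml.rels"
TEMPLATE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"


def find_external_templates(docx_bytes: bytes) -> list:
    """Return every attachedTemplate target marked TargetMode="External"."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if RELS_PART not in zf.namelist():
            return hits  # no settings relationships: nothing can be injected here
        root = ET.fromstring(zf.read(RELS_PART))
        for rel in root.iter(NS + "Relationship"):
            if rel.get("Type") == TEMPLATE_REL and rel.get("TargetMode") == "External":
                hits.append(rel.get("Target", ""))
    return hits


def is_smb_template_injection(docx_bytes: bytes) -> bool:
    """True when an attached template would be fetched over SMB (UNC path or file: URL)."""
    return any(t.startswith("\\\\") or t.lower().startswith("file:")
               for t in find_external_templates(docx_bytes))


def build_sample_docx(target: str) -> bytes:
    """Build a minimal, constructed .docx whose attached template points at `target`."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{TEMPLATE_REL}" Target="{target}" TargetMode="External"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/settings.xml", "<settings/>")
        zf.writestr(RELS_PART, rels)
    return buf.getvalue()


if __name__ == "__main__":
    # 203.0.113.10 is a TEST-NET address used only as a constructed sample.
    lure = build_sample_docx(r"\\203.0.113.10\templates\Template.dotm")
    benign = build_sample_docx("Normal.dotm")
    print(find_external_templates(lure), is_smb_template_injection(lure), is_smb_template_injection(benign))
```

A mail-gateway or sandbox check built on this logic flags the document before a user opens it, complementing the outbound-SMB blocking that Talos recommends.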

Talos researchers underlined the “importance of controlling your network traffic and not allowing outbound protocols such as SMB except where specifically required for your environment.”

The security firm has also reached out to affected customers to ensure “that they were aware of and capable of responding to the threat.”

Image credit: Pixabay.

About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
