A research group discovered a new variation of malware called PseudoManuscrypt that has targeted over 30,000 ICS devices worldwide. Researchers believed this malware to be an affiliate of Lazarus Manuscrypt, and dubbed it PseudoManuscrypt. It also has an advanced spying ability and targets industrial control systems and government sectors.
Fortunately, researchers managed to block some PseudoManuscrypt attempts from January to November of 2021. The attacks revealed that the malware operator’s targets are military-industrial enterprises, government organisations, and research laboratories.
PseudoManuscrypt is downloaded onto the target’s system via phoney software installer libraries, some of which are intended for pirated ICS software.
Surprisingly, in other cases, PseudoManuscrypt was installed by a botnet called Glupteba. After the initial intrusion, a complex infection chain is executed that eventually downloads the primary malware. Cybersecurity experts have discovered two variants of this malware, both of which can have spyware capabilities: logging keystrokes, stealing VPN (Virtual Private Network) data, capturing screenshots, copying clipboard data, and more.
The investigation revealed that the spyware attacks show no preference for specific industries. However, most of the engineering computers attacked are systems that utilise 3D modeling and digital twins. These targets show that the threat actors may have plans to use their 3D modeling in their future endeavours.
The unusual thing about this espionage is that the targets seem to be related to the victims of the Lazarus attacks on ICS CERT. However, the researchers said it is implausible that the new PseudoManuscrypt is linked to any known APT groups or the Lazarus gang.
Lastly, the researchers stated that these recent attacks were a bit of an unusual campaign, and they are still investigating more available information. They warn that this threat deserves great attention since its targets are ICS devices and high-profile government organisations.