CHECKPOINT RESEARCH:
It started with a seemingly benign email about the purchase of a vehicle and ended with the discovery of a months-long campaign targeting German organizations. Most of the targets are related to the German auto-industry sector, and the attacks were designed to deploy various types of info-stealing malware. The threat actors behind the operation registered multiple lookalike domains, all imitating existing German auto businesses, and later used them to send phishing emails and to host the malware infrastructure.
In the following publication, they review the details of this operation, from the initial infrastructure preparations, through the different infection-chain stages, to the details of the final payloads.