A computer security firm recently uncovered a massive cyber attack on logistics companies that originated with handheld scanners made in China.
TrapX (formally CyberSense) discovered a highly sophisticated, polymorphic advanced persistent malware dubbed “Zombie Zero” targeting international shipping and logistics firms.
The malware mined all financial and CRM data, providing the attacker complete visibility into the shipping and logistics targets’ worldwide operations, including access to all corporate financial data, customer data, detailed shipping and manifest information.
Zombie Zero came with proprietary hardware for terminal scanners made by a Chinese manufacturer. The malware was delivered through the Windows-embedded XP operating system installed on the hardware and also could be downloaded from the manufacturer’s support website.
A variant of this malware also was delivered with the same model scanners to a large manufacturing company as well as to seven other identified logistics customers worldwide, TrapX said.
Once the scanner was attached to a wireless network it began an automated attack using the server message block protocol, and relentlessly sought out cracks in the target firm’s firewall.
One shipping and logistics target installed security certificates on its scanner devices for network authentication, but because the devices were already infected with the advanced persistent malware, the certificates were completely compromised.
The scanned data (origin, destination, contents, value, to, from, etc.) was sent to a Chinese botnet terminating at the Lanxiang Vocational School in Shandong province, linked to on-line attacks on Google, and located near the scanner manufacturer.