Cyber Risk in the Manufacturing Sector

Understand more about cyber risk in this sector.

Cyber Risk Graph

Explore how this sector relates to the wider risk graph

Threat Reports

Publicly available threat reporting on cyber attacks against Manufacturing.

Report

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

This cybersecurity advisory from the U.S. Federal Bureau of Investigation (FBI) and its partners, highlights the cyber espionage activities of the ...

View Source

Report

Flax Typhoon using legitimate software to quietly access Taiwanese organizations

This blog post by Microsoft Threat Intelligence outlines the Flax Typhoon intrusion set and TTPs demonstrated by the group. It describes the actor ...

View Source

Report

ANALYSIS OF THE APT31 INDICTMENT

Blog post providing analysis of a March 2024 US Department of Justice indictment of 7 hackers associated with APT31. The post details attribution ...

View Source

Report

GOLD IONIC DEPLOYS INC RANSOMWARE

This blog post from Secureworks describes the intrusion set they track as GOLD IONIC, also known as INC Ransom Group. The post outlines GOLD IONIC ...

View Source

Report

Unveiling TeleBoyi: Chinese APT Group Targeting Critical Infrastructure Worldwide

This presentation from TeamT5 describes the intrusion set they refer to as TeleBoyi and was presented at JPCERT's JSAC2024 conference on January ...

View Source

Report

Threat Assessment: EKANS Ransomware

This threat assessment from researchers at Palo Alto's Unit 42 covers the EKANS ransomware. According to the report, EKANS was first observed in ...

View Source

Report

EKANS Ransomware and ICS Operations

This blog post by researchers at Dragos talks about the EKANS ransomware variant. EKANS targets industrial control system (ICS) operations, and ...

View Source

Report

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

This article by researchers at Trend Micro discusses an Advanced Persistent Threat (APT) group they name Earth Krahang who have been observed ...

View Source

Report

GhostSec’s joint ransomware operation and evolution of their arsenal

This Threat Spotlight from Cisco Talos describes the evolution of GhostSec's ransomware operations including their work with the Stormous ...

View Source

Report

StopRansomware: Rhysida Ransomware

This is a joint Cybersecurity Advisory by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and ...

View Source

Report

Threat Assessment: Black Basta Ransomware

This threat assessment from Palo Alto's Unit 42 describes the Black Basta 'Ransomware as a Service' operation including TTPs (tactics, techniques ...

View Source

Report

Ransomware Spotlight: Black Basta

This report from Trend Micro outlines tactics, techniques and procedures used by the Black Basta Ransomware group. According to the report, Black ...

View Source

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use against Manufacturing.

Search:

ATT&CK ID	Title	Associated Tactics
T1560	Archive Collected Data	Collection
T1587.001	Malware	Resource Development
T1048	Exfiltration Over Alternative Protocol	Exfiltration
T1021	Remote Services	Lateral Movement
T1587.004	Exploits	Resource Development
T1083	File and Directory Discovery	Discovery
T1021.002	SMB/Windows Admin Shares	Lateral Movement
T1071	Application Layer Protocol	Command and Control
T1591	Gather Victim Org Information	Reconnaissance
T1003	OS Credential Dumping	Credential Access
T1572	Protocol Tunneling	Command and Control
T1190	Exploit Public-Facing Application	Initial Access
T1567	Exfiltration Over Web Service	Exfiltration
T1027	Obfuscated Files or Information	Defense Evasion
T1090	Proxy	Command and Control
T1592	Gather Victim Host Information	Reconnaissance
T1087	Account Discovery	Discovery
T1059	Command and Scripting Interpreter	Execution
T1596	Search Open Technical Databases	Reconnaissance
T1039	Data from Network Shared Drive	Collection
T1595	Active Scanning	Reconnaissance
T1036	Masquerading	Defense Evasion
T1546	Event Triggered Execution	Persistence, Privilege Escalation
T1550	Use Alternate Authentication Material	Defense Evasion, Lateral Movement
T1543	Create or Modify System Process	Persistence, Privilege Escalation
T1505	Server Software Component	Persistence
T1105	Ingress Tool Transfer	Command and Control
T1598.003	Spearphishing Link	Reconnaissance
T1070.006	Timestomp	Defense Evasion
T1080	Taint Shared Content	Lateral Movement
T1119	Automated Collection	Collection
T1053	Scheduled Task/Job	Execution, Persistence, Privilege Escalation
T1204	User Execution	Execution
T1486	Data Encrypted for Impact	Impact
T1057	Process Discovery	Discovery
T1005	Data from Local System	Collection
T1595.003	Wordlist Scanning	Reconnaissance
T1020	Automated Exfiltration	Exfiltration
T1566.002	Spearphishing Link	Initial Access
T1087.002	Domain Account	Discovery
T1036.007	Double File Extension	Defense Evasion
T1583.001	Domains	Resource Development
T1059.006	Python	Execution
T1210	Exploitation of Remote Services	Lateral Movement
T1003.001	LSASS Memory	Credential Access
T1574.002	DLL Side-Loading	Defense Evasion, Persistence, Privilege Escalation
T1110.003	Password Spraying	Credential Access
T1059.001	PowerShell	Execution
T1543.003	Windows Service	Persistence, Privilege Escalation
T1059.003	Windows Command Shell	Execution

Showing 1 to 50 of 133 entries