Cyber Risk in the Manufacturing Sector
Understand more about cyber risk in this sector.
Threat Reports
Publicly available threat reporting on cyber attacks against Manufacturing.
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
This cybersecurity advisory from the U.S. Federal Bureau of Investigation (FBI) and its partners highlights the cyber espionage activities of the ...
Flax Typhoon using legitimate software to quietly access Taiwanese organizations
This blog post by Microsoft Threat Intelligence outlines the Flax Typhoon intrusion set and TTPs demonstrated by the group. It describes the actor ...
ANALYSIS OF THE APT31 INDICTMENT
Blog post providing analysis of a March 2024 US Department of Justice indictment of 7 hackers associated with APT31. The post details attribution ...
GOLD IONIC DEPLOYS INC RANSOMWARE
This blog post from Secureworks describes the intrusion set they track as GOLD IONIC, also known as INC Ransom Group. The post outlines GOLD IONIC ...
Unveiling TeleBoyi: Chinese APT Group Targeting Critical Infrastructure Worldwide
This presentation from TeamT5 describes the intrusion set they refer to as TeleBoyi and was presented at JPCERT's JSAC2024 conference on January ...
Threat Assessment: EKANS Ransomware
This threat assessment from researchers at Palo Alto's Unit 42 covers the EKANS ransomware. According to the report, EKANS was first observed in ...
EKANS Ransomware and ICS Operations
This blog post by researchers at Dragos discusses the EKANS ransomware variant. EKANS targets industrial control system (ICS) operations, and ...
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks
This article by researchers at Trend Micro discusses an Advanced Persistent Threat (APT) group they name Earth Krahang, which has been observed ...
GhostSec’s joint ransomware operation and evolution of their arsenal
This Threat Spotlight from Cisco Talos describes the evolution of GhostSec's ransomware operations including their work with the Stormous ...
StopRansomware: Rhysida Ransomware
This is a joint Cybersecurity Advisory by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and ...
Threat Assessment: Black Basta Ransomware
This threat assessment from Palo Alto's Unit 42 describes the Black Basta 'Ransomware as a Service' operation including TTPs (tactics, techniques ...
Ransomware Spotlight: Black Basta
This report from Trend Micro outlines tactics, techniques and procedures used by the Black Basta Ransomware group. According to the report, Black ...
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use against Manufacturing.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1560 | Archive Collected Data | Collection |
T1587.001 | Develop Capabilities: Malware | Resource Development |
T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
T1021 | Remote Services | Lateral Movement |
T1587.004 | Exploits | Resource Development |
T1083 | File and Directory Discovery | Discovery |
T1021.002 | SMB/Windows Admin Shares | Lateral Movement |
T1071 | Application Layer Protocol | Command and Control |
T1591 | Gather Victim Org Information | Reconnaissance |
T1003 | OS Credential Dumping | Credential Access |
T1572 | Protocol Tunneling | Command and Control |
T1190 | Exploit Public-Facing Application | Initial Access |
T1567 | Exfiltration Over Web Service | Exfiltration |
T1027 | Obfuscated Files or Information | Defense Evasion |
T1090 | Proxy | Command and Control |
T1592 | Gather Victim Host Information | Reconnaissance |
T1087 | Account Discovery | Discovery |
T1059 | Command and Scripting Interpreter | Execution |
T1596 | Search Open Technical Databases | Reconnaissance |
T1039 | Data from Network Shared Drive | Collection |
T1595 | Active Scanning | Reconnaissance |
T1036 | Masquerading | Defense Evasion |
T1546 | Event Triggered Execution | Persistence, Privilege Escalation |
T1550 | Use Alternate Authentication Material | Defense Evasion, Lateral Movement |
T1543 | Create or Modify System Process | Persistence, Privilege Escalation |
T1505 | Server Software Component | Persistence |
T1105 | Ingress Tool Transfer | Command and Control |
T1598.003 | Phishing for Information: Spearphishing Link | Reconnaissance |
T1070.006 | Timestomp | Defense Evasion |
T1080 | Taint Shared Content | Lateral Movement |
T1119 | Automated Collection | Collection |
T1053 | Scheduled Task/Job | Execution, Persistence, Privilege Escalation |
T1204 | User Execution | Execution |
T1486 | Data Encrypted for Impact | Impact |
T1057 | Process Discovery | Discovery |
T1005 | Data from Local System | Collection |
T1595.003 | Wordlist Scanning | Reconnaissance |
T1020 | Automated Exfiltration | Exfiltration |
T1566.002 | Phishing: Spearphishing Link | Initial Access |
T1087.002 | Domain Account | Discovery |
T1036.007 | Double File Extension | Defense Evasion |
T1583.001 | Domains | Resource Development |
T1059.006 | Python | Execution |
T1210 | Exploitation of Remote Services | Lateral Movement |
T1003.001 | LSASS Memory | Credential Access |
T1574.002 | DLL Side-Loading | Defense Evasion, Persistence, Privilege Escalation |
T1110.003 | Password Spraying | Credential Access |
T1059.001 | PowerShell | Execution |
T1543.003 | Windows Service | Persistence, Privilege Escalation |
T1059.003 | Windows Command Shell | Execution |
T1586.002 | Email Accounts | Resource Development |
T1584.004 | Server | Resource Development |
T1112 | Modify Registry | Defense Evasion |
T1078 | Valid Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1608.005 | Link Target | Resource Development |
T1078.003 | Local Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1036.005 | Match Legitimate Name or Location | Defense Evasion |
T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation |
T1003.002 | Security Account Manager | Credential Access |
T1588.001 | Obtain Capabilities: Malware | Resource Development |
T1033 | System Owner/User Discovery | Discovery |
T1595.002 | Vulnerability Scanning | Reconnaissance |
T1588.003 | Code Signing Certificates | Resource Development |
T1505.003 | Web Shell | Persistence |
T1087.001 | Local Account | Discovery |
T1021.006 | Windows Remote Management | Lateral Movement |
T1047 | Windows Management Instrumentation | Execution |
T1539 | Steal Web Session Cookie | Credential Access |
T1133 | External Remote Services | Initial Access, Persistence |
T1140 | Deobfuscate/Decode Files or Information | Defense Evasion |
T1608.001 | Upload Malware | Resource Development |
T1608.002 | Upload Tool | Resource Development |
T1569.002 | Service Execution | Execution |
T1583.003 | Virtual Private Server | Resource Development |
T1595.001 | Scanning IP Blocks | Reconnaissance |
T1203 | Exploitation for Client Execution | Execution |
T1204.002 | Malicious File | Execution |
T1068 | Exploitation for Privilege Escalation | Privilege Escalation |
T1114 | Email Collection | Collection |
T1071.001 | Web Protocols | Command and Control |
T1069.002 | Domain Groups | Discovery |
T1534 | Internal Spearphishing | Lateral Movement |
T1199 | Trusted Relationship | Initial Access |
T1656 | Impersonation | Defense Evasion |
T1573 | Encrypted Channel | Command and Control |
T1007 | System Service Discovery | Discovery |
T1590 | Gather Victim Network Information | Reconnaissance |
T1566.001 | Spearphishing Attachment | Initial Access |
T1010 | Application Window Discovery | Discovery |
T1090.001 | Internal Proxy | Command and Control |
T1564.001 | Hidden Files and Directories | Defense Evasion |
T1106 | Native API | Execution |
T1202 | Indirect Command Execution | Defense Evasion |
T1074 | Data Staged | Collection |
T1561 | Disk Wipe | Impact |
T1578 | Modify Cloud Compute Infrastructure | Defense Evasion |
T1129 | Shared Modules | Execution |
T1485 | Data Destruction | Impact |
T1547.001 | Registry Run Keys / Startup Folder | Persistence, Privilege Escalation |
T1095 | Non-Application Layer Protocol | Command and Control |
T1564.003 | Hidden Window | Defense Evasion |
T1219 | Remote Access Software | Command and Control |
T1587 | Develop Capabilities | Resource Development |
T1021.004 | SSH | Lateral Movement |
T1657 | Financial Theft | Impact |
T1021.001 | Remote Desktop Protocol | Lateral Movement |
T1070.001 | Clear Windows Event Logs | Defense Evasion |
T1069.001 | Local Groups | Discovery |
T1016 | System Network Configuration Discovery | Discovery |
T1566 | Phishing | Initial Access |
T1482 | Domain Trust Discovery | Discovery |
T1003.003 | NTDS | Credential Access |
T1055.002 | Portable Executable Injection | Defense Evasion, Privilege Escalation |
T1018 | Remote System Discovery | Discovery |
T1070.004 | File Deletion | Defense Evasion |
T1489 | Service Stop | Impact |
T1082 | System Information Discovery | Discovery |
T1218.010 | Regsvr32 | Defense Evasion |
T1562.001 | Disable or Modify Tools | Defense Evasion |
T1136 | Create Account | Persistence |
T1622 | Debugger Evasion | Defense Evasion, Discovery |
T1555 | Credentials from Password Stores | Credential Access |
T1560.001 | Archive via Utility | Collection |
T1562.009 | Safe Mode Boot | Defense Evasion |
T1484.001 | Group Policy Modification | Defense Evasion, Privilege Escalation |
T1574.001 | DLL Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |
T1490 | Inhibit System Recovery | Impact |
T1562.004 | Disable or Modify System Firewall | Defense Evasion |
T1098 | Account Manipulation | Persistence, Privilege Escalation |
T1041 | Exfiltration Over C2 Channel | Exfiltration |
T1491 | Defacement | Impact |
T1570 | Lateral Tool Transfer | Lateral Movement |
T1620 | Reflective Code Loading | Defense Evasion |
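A practical use of the table above is to overlay it on your own detection coverage in the MITRE ATT&CK Navigator. The script below is an added example, not code from the original page or from MITRE: it parses rows in the same `ID | Title | Tactics` format as the table, expands rows that list several tactics into one Navigator entry per tactic (so T1078 lights up in all four of its columns), rejects malformed technique IDs instead of emitting them, and writes a Navigator layer as JSON. The handful of embedded rows are copied from the table as a constructed sample; the `versions` values in the layer header are assumptions you should set to the ATT&CK and Navigator releases you actually run.

```python
"""Build an ATT&CK Navigator layer from a sector technique table.

Added example (not part of the original page): parse 'ID | Title | Tactics'
rows, expand multi-tactic rows, and emit Navigator layer JSON that can be
loaded to overlay this sector's techniques on your own coverage layer.
"""
import json
import re

# Constructed sample: a few rows copied from the table above. Feed the full
# table text through parse_rows() to build the complete layer.
SAMPLE_ROWS = """\
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1190 | Exploit Public-Facing Application | Initial Access |
T1078 | Valid Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1003.001 | LSASS Memory | Credential Access |
T1071 | Application Layer Protocol | Command and Control |
T1486 | Data Encrypted for Impact | Impact |
"""

# Technique IDs are Tnnnn, optionally with a .nnn sub-technique suffix.
TECHNIQUE_ID = re.compile(r"^T\d{4}(?:\.\d{3})?$")


def tactic_slug(name: str) -> str:
    """Map a tactic display name to the shortname Navigator expects,
    e.g. 'Command and Control' -> 'command-and-control'."""
    return name.strip().lower().replace(" ", "-")


def parse_rows(text: str) -> list[tuple[str, str, list[str]]]:
    """Parse 'ID | Title | Tactic, Tactic |' lines.

    Header and separator rows are skipped; a malformed technique ID raises
    rather than silently producing an entry Navigator would ignore.
    """
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 3:
            continue
        tid, title, tactics = cells
        if tid == "ATT&CK ID" or set(tid) <= {"-"}:
            continue
        if not TECHNIQUE_ID.match(tid):
            raise ValueError(f"malformed technique ID: {tid!r}")
        rows.append((tid, title, [t.strip() for t in tactics.split(",") if t.strip()]))
    return rows


def build_layer(rows, name="Manufacturing: observed techniques", score=1):
    """Return a Navigator layer dict with one entry per (technique, tactic)
    pair. The version strings are assumptions; set them to your releases."""
    techniques = [
        {"techniqueID": tid, "tactic": tactic_slug(t), "score": score, "comment": title}
        for tid, title, tactics in rows
        for t in tactics
    ]
    return {
        "name": name,
        "versions": {"attack": "15", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Techniques reported in use against the sector",
        "techniques": techniques,
    }


def layer_json(text: str = SAMPLE_ROWS) -> str:
    """Serialise the layer for the table text given (sample rows by default)."""
    return json.dumps(build_layer(parse_rows(text)), indent=2)


if __name__ == "__main__":
    # Redirect to a .json file and open it in Navigator via "Open Existing Layer".
    print(layer_json())
```

Load the resulting file alongside a layer scored from your own detections and use Navigator's layer-combination expression (for example, sector minus coverage) to see which of the techniques reported against this sector you have no detection for. The one-entry-per-tactic expansion matters: a technique such as T1078 that spans Initial Access, Persistence, Privilege Escalation and Defense Evasion should appear in each column, and a layer that lists it once would understate the gap.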