Cyber Risk in the Transportation Sector

Understand more about cyber risk in this sector.

Cyber Risk Graph

Explore how this sector relates to the wider risk graph

Threat Reports

Publicly available threat reporting on cyber attacks against Transportation.

Report

APT45: North Korea’s Digital Military Machine

This report from threat intelligence analysts at Google's Mandiant marks the graduation of this cyber actor to a fully designated APT - APT45. The ...

View Source
Report

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

This blog post by researchers at Microsoft Threat Intelligence outlines activity they observed by Forest Blizzard using a tool they named ...

View Source
Report

Threat Assessment: EKANS Ransomware

This threat assessment from researchers at Palo Alto's Unit 42 covers the EKANS ransomware. According to the report, EKANS was first observed in ...

View Source
Report

GhostSec’s joint ransomware operation and evolution of their arsenal

This Threat Spotlight from Cisco Talos describes the evolution of GhostSec's ransomware operations including their work with the Stormous ...

View Source
Report

Threat Assessment: Black Basta Ransomware

This threat assessment from Palo Alto's Unit 42 describes the Black Basta 'Ransomware as a Service' operation including TTPs (tactics, techniques ...

View Source
Report

Ransomware Spotlight: Black Basta

This report from Trend Micro outlines tactics, techniques and procedures used by the Black Basta Ransomware group. According to the report, Black ...

View Source
Report

Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign

The Insikt Group has observed the TAG-70 using cross-site scripting (XSS) vulnerabilities to target Roundcube webmail servers in Europe. The ...

View Source
Report

Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

This report from Microsoft Threat Intelligence describes a subset of activity related to the Mint Sandstorm actor. The campaign includes the theft ...

View Source
Report

PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure

Following an initial advisory issued in May 2023, this advisory from CISA, NSA and partners outlines information on the broader campaign of cyber ...

View Source
Report

APT1: Exposing One of China's Cyber Espionage Units

The APT1 report represents years of work by Mandiant, who analysed data across hundreds of breaches globally. The report identifies APT1 as a ...

View Source

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use against Transportation.

ATT&CK ID Title Associated Tactics
T1080 Taint Shared Content Lateral Movement
T1119 Automated Collection Collection
T1053 Scheduled Task/Job Execution, Persistence, Privilege Escalation
T1204 User Execution Execution
T1486 Data Encrypted for Impact Impact
T1057 Process Discovery Discovery
T1083 File and Directory Discovery Discovery
T1005 Data from Local System Collection
T1036 Masquerading Defense Evasion
T1569.002 Service Execution Execution
T1560 Archive Collected Data Collection
T1543 Create or Modify System Process Persistence, Privilege Escalation
T1140 Deobfuscate/Decode Files or Information Defense Evasion
T1010 Application Window Discovery Discovery
T1071 Application Layer Protocol Command and Control
T1059 Command and Scripting Interpreter Execution
T1090.001 Internal Proxy Command and Control
T1564.001 Hidden Files and Directories Defense Evasion
T1027 Obfuscated Files or Information Defense Evasion
T1003 OS Credential Dumping Credential Access
T1106 Native API Execution
T1202 Indirect Command Execution Defense Evasion
T1048 Exfiltration Over Alternative Protocol Exfiltration
T1021 Remote Services Lateral Movement
T1074 Data Staged Collection
T1561 Disk Wipe Impact
T1578 Modify Cloud Compute Infrastructure Defense Evasion
T1129 Shared Modules Execution
T1485 Data Destruction Impact
T1078 Valid Accounts Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1547.001 Registry Run Keys / Startup Folder Persistence, Privilege Escalation
T1095 Non-Application Layer Protocol Command and Control
T1489 Service Stop Impact
T1082 System Information Discovery Discovery
T1112 Modify Registry Defense Evasion
T1218.010 Regsvr32 Defense Evasion
T1573 Encrypted Channel Command and Control
T1562.001 Disable or Modify Tools Defense Evasion
T1136 Create Account Persistence
T1566.001 Spearphishing Attachment Initial Access
T1543.003 Windows Service Persistence, Privilege Escalation
T1047 Windows Management Instrumentation Execution
T1219 Remote Access Software Command and Control
T1622 Debugger Evasion Defense Evasion, Discovery
T1555 Credentials from Password Stores Credential Access
T1560.001 Archive via Utility Collection
T1562.009 Safe Mode Boot Defense Evasion
T1484.001 Group Policy Modification Defense Evasion, Privilege Escalation
T1059.001 PowerShell Execution
T1574.001 DLL Search Order Hijacking Defense Evasion, Persistence, Privilege Escalation
T1567 Exfiltration Over Web Service Exfiltration
T1490 Inhibit System Recovery Impact
T1021.001 Remote Desktop Protocol Lateral Movement
T1016 System Network Configuration Discovery Discovery
T1087.002 Domain Account Discovery
T1562.004 Disable or Modify System Firewall Defense Evasion
T1098 Account Manipulation Persistence, Privilege Escalation
T1070.004 File Deletion Defense Evasion
T1041 Exfiltration Over C2 Channel Exfiltration
T1018 Remote System Discovery Discovery
T1491 Defacement Impact
T1570 Lateral Tool Transfer Lateral Movement
T1059.003 Windows Command Shell Execution
T1068 Exploitation for Privilege Escalation Privilege Escalation
T1620 Reflective Code Loading Defense Evasion
T1571 Non-Standard Port Command and Control
T1056 Input Capture Collection, Credential Access
T1114 Email Collection Collection
T1203 Exploitation for Client Execution Execution
T1212 Exploitation for Credential Access Credential Access
T1566 Phishing Initial Access
T1592 Gather Victim Host Information Reconnaissance
T1090.003 Multi-hop Proxy Command and Control
T1090 Proxy Command and Control
T1105 Ingress Tool Transfer Command and Control
T1113 Screen Capture Collection
T1078.004 Cloud Accounts Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1550 Use Alternate Authentication Material Defense Evasion, Lateral Movement
T1021.007 Cloud Services Lateral Movement
T1563 Remote Service Session Hijacking Lateral Movement
T1124 System Time Discovery Discovery
T1007 System Service Discovery Discovery
T1033 System Owner/User Discovery Discovery
T1016.001 Internet Connection Discovery Discovery
T1614 System Location Discovery Discovery
T1518 Software Discovery Discovery
T1012 Query Registry Discovery
T1069 Permission Groups Discovery Discovery
T1120 Peripheral Device Discovery Discovery
T1046 Network Service Discovery Discovery
T1654 Log Enumeration Discovery
T1217 Browser Information Discovery Discovery
T1087.001 Local Account Discovery
T1552.004 Private Keys Credential Access
T1552 Unsecured Credentials Credential Access
T1003.003 NTDS Credential Access
T1003.001 LSASS Memory Credential Access
T1555.003 Credentials from Web Browsers Credential Access
T1110.002 Password Cracking Credential Access
T1218 System Binary Proxy Execution Defense Evasion
T1027.002 Software Packing Defense Evasion
T1036.005 Match Legitimate Name or Location Defense Evasion
T1070.001 Clear Windows Event Logs Defense Evasion
T1070.009 Clear Persistence Defense Evasion
T1006 Direct Volume Access Defense Evasion
T1059.004 Unix Shell Execution
T1133 External Remote Services Initial Access, Persistence
T1190 Exploit Public-Facing Application Initial Access
T1588.005 Exploits Resource Development
T1587.004 Exploits Resource Development
T1584.004 Server Resource Development
T1584.005 Botnet Resource Development
T1583.003 Virtual Private Server Resource Development
T1594 Search Victim-Owned Websites Reconnaissance
T1593 Search Open Websites/Domains Reconnaissance
T1591 Gather Victim Org Information Reconnaissance
T1590 Gather Victim Network Information Reconnaissance
T1589.002 Email Addresses Reconnaissance
T1589 Gather Victim Identity Information Reconnaissance