Cyber Risk in the Transportation Sector

Understand more about cyber risk in this sector.

Cyber Risk Graph

Explore how this sector relates to the wider risk graph

Threat Reports

Publicly available threat reporting on cyber attacks against Transportation.

Report

APT45: North Korea’s Digital Military Machine

This report from threat intelligence analysts at Google's Mandiant marks the graduation of this cyber actor to a fully designated APT - APT45. The ...

View Source

Report

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

This blog post by researchers at Microsoft Threat Intelligence outlines activity they observed by Forest Blizzard using a tool they named ...

View Source

Report

Threat Assessment: EKANS Ransomware

This threat assessment from researchers at Palo Alto's Unit 42 covers the EKANS ransomware. According to the report, EKANS was first observed in ...

View Source

Report

GhostSec’s joint ransomware operation and evolution of their arsenal

This Threat Spotlight from Cisco Talos describes the evolution of GhostSec's ransomware operations including their work with the Stormous ...

View Source

Report

Threat Assessment: Black Basta Ransomware

This threat assessment from Palo Alto's Unit 42 describes the Black Basta 'Ransomware as a Service' operation including TTPs (tactics, techniques ...

View Source

Report

Ransomware Spotlight: Black Basta

This report from Trend Micro outlines tactics, techniques and procedures used by the Black Basta Ransomware group. According to the report, Black ...

View Source

Report

Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign

The Insikt Group has observed the TAG-70 using cross-site scripting (XSS) vulnerabilities to target Roundcube webmail servers in Europe. The ...

View Source

Report

Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

This report from Microsoft Threat Intelligence describes a subset of activity related to the Mint Sandstorm actor. The campaign includes the theft ...

View Source

Report

PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure

Following an initial advisory issued in May 2023, this advisory from CISA, NSA and partners outlines information on the broader campaign of cyber ...

View Source

Report

APT1: Exposing One of China's Cyber Espionage Units

The APT1 report represents years of work by Mandiant, who analysed data across hundreds of breaches globally. The report identifies APT1 as a ...

View Source

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use against Transportation.

Search:

ATT&CK ID	Title	Associated Tactics
T1080	Taint Shared Content	Lateral Movement
T1119	Automated Collection	Collection
T1053	Scheduled Task/Job	Execution, Persistence, Privilege Escalation
T1204	User Execution	Execution
T1486	Data Encrypted for Impact	Impact
T1057	Process Discovery	Discovery
T1083	File and Directory Discovery	Discovery
T1005	Data from Local System	Collection
T1036	Masquerading	Defense Evasion
T1569.002	Service Execution	Execution
T1560	Archive Collected Data	Collection
T1543	Create or Modify System Process	Persistence, Privilege Escalation
T1140	Deobfuscate/Decode Files or Information	Defense Evasion
T1010	Application Window Discovery	Discovery
T1071	Application Layer Protocol	Command and Control
T1059	Command and Scripting Interpreter	Execution
T1090.001	Internal Proxy	Command and Control
T1564.001	Hidden Files and Directories	Defense Evasion
T1027	Obfuscated Files or Information	Defense Evasion
T1003	OS Credential Dumping	Credential Access
T1106	Native API	Execution
T1202	Indirect Command Execution	Defense Evasion
T1048	Exfiltration Over Alternative Protocol	Exfiltration
T1021	Remote Services	Lateral Movement
T1074	Data Staged	Collection
T1561	Disk Wipe	Impact
T1578	Modify Cloud Compute Infrastructure	Defense Evasion
T1129	Shared Modules	Execution
T1485	Data Destruction	Impact
T1078	Valid Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1547.001	Registry Run Keys / Startup Folder	Persistence, Privilege Escalation
T1095	Non-Application Layer Protocol	Command and Control
T1489	Service Stop	Impact
T1082	System Information Discovery	Discovery
T1112	Modify Registry	Defense Evasion
T1218.010	Regsvr32	Defense Evasion
T1573	Encrypted Channel	Command and Control
T1562.001	Disable or Modify Tools	Defense Evasion
T1136	Create Account	Persistence
T1566.001	Spearphishing Attachment	Initial Access
T1543.003	Windows Service	Persistence, Privilege Escalation
T1047	Windows Management Instrumentation	Execution
T1219	Remote Access Software	Command and Control
T1622	Debugger Evasion	Defense Evasion, Discovery
T1555	Credentials from Password Stores	Credential Access
T1560.001	Archive via Utility	Collection
T1562.009	Safe Mode Boot	Defense Evasion
T1484.001	Group Policy Modification	Defense Evasion, Privilege Escalation
T1059.001	PowerShell	Execution
T1574.001	DLL Search Order Hijacking	Defense Evasion, Persistence, Privilege Escalation

Showing 1 to 50 of 119 entries