Bitdefender researchers discovered an APT- style cyber-espionage attack targeting an international architectural and video production company.

The targeted company is involved in billion-dollar architectural projects in New York, London, Australia and Oman. Its customers and projects include luxury residences, well-known A-list interior designers and high-profile architects.

According to the report, the sophistication of the attack points to an APT-style group whose operators had prior knowledge of the company's security systems. They planned the attack carefully, using purpose-built software to infiltrate the company and exfiltrate data undetected.

“The cybercriminal group infiltrated the company using a tainted and specially crafted plugin for Autodesk 3ds Max,” said Bitdefender researchers in a report published today.

The group used command-and-control (C&C) infrastructure located in South Korea and tested the malicious payload against the organisation's security solution before deploying it.

During the investigation, Bitdefender found that the attackers had an entire toolset with spying capabilities.

Autodesk had warned about a variant of a MAXScript exploit named “PhysXPluginMfx.” The exploit can corrupt 3ds Max settings, run malicious code and propagate to other Max files on a Windows system when scene files containing the script are loaded into the software.


But according to Bitdefender's forensic analysis, the suspicious MAXScript Encrypted script contained an embedded DLL file, which in turn downloaded additional .NET binaries from the C&C server with the final goal of stealing crucial documents.
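As an added, defender-side example (not code from Bitdefender's report or from Autodesk), the following Python script triages MAXScript and scene files for an embedded PE image, the DLL-inside-a-script pattern the analysis describes. The extension set and the sample files it creates are assumptions constructed for the demo.

```python
import struct
import tempfile
from pathlib import Path

# Assumption for this example: .ms (plain), .mse (encrypted) and .mcr carry MAXScript, .max scenes can embed it.
SCRIPT_EXTENSIONS = {".ms", ".mse", ".mcr", ".max"}

def find_embedded_pe(data: bytes) -> list:
    """Offsets of every plausible embedded PE image (DLL/EXE) in data.
    A PE image starts with 'MZ' and the DOS header field e_lfanew (offset 0x3C)
    points at the 'PE\\0\\0' signature; requiring both avoids hits on stray 'MZ'."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe_off = pos + e_lfanew
            if 0x40 <= e_lfanew < 0x1000 and data[pe_off:pe_off + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def scan_tree(root) -> dict:
    """Map each script/scene file under root that embeds a PE image to its offsets."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in SCRIPT_EXTENSIONS:
            offsets = find_embedded_pe(path.read_bytes())
            if offsets:
                findings[path.name] = offsets
    return findings

def build_sample_pe_stub() -> bytes:
    """Constructed sample: a minimal DOS header plus PE signature, not a real DLL."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header follows DOS header
    return bytes(dos) + b"PE\0\0" + b"\0" * 20

def demo_scan() -> dict:
    """Scan a constructed directory: one clean script, one script carrying a PE stub."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "clean.ms").write_bytes(b'fn hello = (print "hi")\n')
        Path(tmp, "suspect.mse").write_bytes(b"\0" * 32 + build_sample_pe_stub())
        return scan_tree(tmp)

if __name__ == "__main__":
    for name, offsets in demo_scan().items():
        print(f"embedded PE image in {name} at offsets {offsets}")
```

Point `scan_tree` at the plugin, startup-script and project directories of a 3ds Max workstation; a script that carries a PE image is worth quarantining for analysis.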

The binaries, in turn, download further malicious MAXScripts that collect information about the compromised system and exfiltrate it to the remote server. The server then sends a final payload that can capture screenshots and harvest passwords from web browsers such as Firefox, Internet Explorer and Google Chrome.

The malware authors had an entire toolset for spying on their targets, including a “HdCrawler” binary that can enumerate and upload files with specific extensions (.webp, .jpg, .png, .zip, .obb, .uasset, etc.) to the server, and an info-stealer with extensive features.

As a precaution, 3ds Max users should download the latest version of Security Tools for Autodesk 3ds Max 2021-2015SP1 to identify and remove the PhysXPluginMfx MAXScript malware.

“Industrial espionage is nothing new and, since the real-estate industry is highly competitive, with contracts valued at billions of dollars, the stakes are high for winning contracts for luxury projects and could justify turning to mercenary APT groups for gaining a negotiation advantage,” researchers said.
