Multiple Automotive Manufacturers Infected With Emotet

Telemetry from industrial systems security firm Dragos has spotted the malware command-and-control servers communicating with several automotive manufacturer systems.

Dark Reading Staff, Dark Reading

March 17, 2022

1 Min Read

A wave of potential pre-ransomware activity has been spotted targeting the manufacturing sector: OT security firm Dragos warned this week of several automotive manufacturers now infected with the infamous Emotet backdoor malware that's commonly used as an initial infection vector to drop ransomware.

Ransomware attackers for some time now have been training their campaigns on manufacturing companies. Dragos said it has identified Emotet command-and-control servers communicating with servers at automotive manufacturing companies. While so far there's been no sign of actual ransomware payloads getting dropped onto the manufacturers — based in North America and Japan — Dragos says the activity appears to be the possible first stage of ransomware attacks.

"These Emotet servers are suspected to be controlled by the Conti ransomware group," Dragos wrote in its blog. The firm said it first spotted the traffic in December of 2021 and that it has continued through March 2022.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights