Construction sector bombarded with APT intrusions

Accelerated digital transformation and overdependence on third-party vendors have made the construction sector an increasingly attractive target for Chinese, Russian, North Korean, and Iranian state-backed advanced persistent threat operations, reports Cyber Security News.

APTs leveraged phishing emails, stolen Remote Desktop Protocol, Citrix, and Secure Shell credentials, as well as supply chain flaws to infiltrate building and construction networks and facilitate subsequent lateral network movement for the theft of sensitive organizational data, including contracts and personal information, according to an analysis from Rapid7 researchers.

Moreover, the RDP, SSH, SMTP, FTP, VPN, and Citrix credentials used by nation-state hackers were obtained from dark web markets rather than through the actors' own attacks. Additional findings revealed a prolific marketplace for such credentials, with many sellers offering screenshots of active sessions or network diagrams to prove access. Threat actors have also been able to verify the marketplaces' reputation via advanced rating systems and escrow services, researchers added.
