Attackers Use 'Contact Us' Forms and Fake NDAs to Phish Industrial Manufacturing Firms
HelpNet Security, Friday, August 29th, 2025
A recently uncovered phishing campaign - carefully designed to bypass security defenses and avoid detection by its intended victims - is targeting firms in industrial manufacturing and other companies critical to various supply chains, Check Point researchers have warned.
The phishing campaign(s)
The researchers believe that the campaign has been mounted by financially motivated threat actors.
Its goal is to deliver a malicious ZIP archive that contains a PowerShell script that will be executed in memory, and use it to ultimately deliver a custom in-memory implant/backdoor called 'MixShell'. The malware uses DNS TXT tunneling with HTTP fallback for C2 communications and executes commands and file operations remotely.