The attack has been ongoing since March 2017.
The UK’s National Cyber Security Council (NCSC) has warned of an ongoing attack campaign against multiple companies involved in the Critical National Infrastructure (CNI) supply chain – with the attacks focused on engineering and industrial control companies.
The attack, ongoing since March 2017, has involved the harvesting of NTLM credentials via Server Message Block (SMB) using strategic web compromises and spear-phishing.
Target networks are attacked in one of two main ways, the NCSC said in a comprehensive advisory published on Thursday.
1 – The attacker carries out a watering hole attack, compromising a website of interest to the target, and adding a link to a resource located on a malicious fileserver.
2 – The attacker sends a spear-phishing email from a compromised account containing a document of interest.
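A defender-side check for the SMB credential-harvesting path described above, added here as an example and not taken from the NCSC advisory: it scans firewall logs for internal hosts opening SMB sessions (TCP 139/445) to addresses outside the organisation. The log format, the sample lines and the use of the RFC 1918 ranges as "internal" are assumptions constructed for illustration.

```python
import ipaddress

SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

# Assumption: the organisation uses only RFC 1918 space internally.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log (timestamp src dst dport action); not real data.
SAMPLE_LOG = """\
2017-11-02T09:14:03Z 10.1.4.22 10.1.0.5 445 allow
2017-11-02T09:14:09Z 10.1.4.22 203.0.113.50 445 allow
2017-11-02T09:15:41Z 10.1.7.80 198.51.100.7 443 allow
2017-11-02T09:16:02Z 10.1.7.80 203.0.113.50 139 deny
malformed line
2017-11-02T09:17:30Z 10.1.9.13 192.168.20.4 445 allow
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def find_outbound_smb(log_text):
    """Return log entries where an internal host contacts an external SMB port."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        ts, src, dst, dport, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # unparsable address or port
        if port in SMB_PORTS and is_internal(src_ip) and not is_internal(dst_ip):
            hits.append({"time": ts, "src": src, "dst": dst,
                         "port": port, "action": action})
    return hits

def hosts_needing_review(hits):
    """Internal hosts whose outbound SMB was allowed: an NTLM exchange with
    the remote server may have taken place, so review those accounts first."""
    return sorted({h["src"] for h in hits if h["action"] == "allow"})

if __name__ == "__main__":
    for hit in find_outbound_smb(SAMPLE_LOG):
        print(hit)
    print("review:", hosts_needing_review(find_outbound_smb(SAMPLE_LOG)))
```

Denied entries still matter: they show a host that tried to load a resource from an external fileserver, which points back to the page or document that triggered the request.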