Publicly disclosed information for this event
The website of a logistics company is compromised and used in the context of a waterholing attack carried out by a reputed Iranian state actor.
Claimed/Reported Threat Actor
Recommendations to Logistics to reduce Waterholing Attack risks:
Educate employees about the risks of visiting untrusted websites and downloading content.
Implement network-level filtering to block access to known malicious websites.
Regularly update and patch web browsers and plugins to protect against exploits.
Use web isolation solutions to protect against malware infections from compromised websites.
Monitor network traffic for unusual patterns and unexpected connections to suspicious domains.
Check with your CSIRT organization whether such websites exist in your sector.
Disclaimer: the data are provided as is. France Cyber Maritime and the M-CERT take no responsibility for the soundness,
quality, precision, nor the eventual attribution made by the referenced URLs. We give a lot of respect and
support to the victims of attacks. Yes, there are no common and shared incident IDs in cyber (for now!).
Files generated on Thursday, 02nd November 2023.
ADMIRAL is licensed under the Creative Commons
Copyright © France Cyber Maritime 2023.