A wave of potential pre-ransomware activity has been spotted targeting the manufacturing sector: OT security firm Dragos warned this week of several automotive manufacturers now infected with the infamous Emotet backdoor malware that’s commonly used as an initial infection vector to drop ransomware.
Ransomware attackers for some time now have been training their campaigns on manufacturing companies. Dragos said it has identified Emotet command-and-control servers communicating with servers at automotive manufacturing companies. While so far there’s been no sign of actual ransomware payloads getting dropped onto the manufacturers — based in North America and Japan — Dragos says the activity appears to be the possible first stage of ransomware attacks.
“These Emotet servers are suspected to be controlled by the Conti ransomware group,” Dragos wrote in its blog. The firm said it first spotted the traffic in December of 2021 and that it has continued through March 2022.