MixShell Malware Targeting U.S. Supply Chain Manufacturers Delivered Through Contact Forms
Cybersecurity researchers have raised alarms about a sophisticated social engineering campaign targeting supply chain-critical manufacturing companies with a stealthy in-memory malware known as MixShell. Codenamed ZipLine by Check Point Research, this campaign diverges from traditional phishing tactics by initiating contact through a company’s public ‘Contact Us’ form. Attackers manipulate employees into engaging in seemingly professional conversations that can last for weeks, often culminating in the signing of fake Non-Disclosure Agreements (NDAs) before delivering a weaponised ZIP file containing the MixShell malware. The campaign has primarily focused on U.S.-based entities but has also extended its reach to organisations in Singapore, Japan, and Switzerland, indicating a strategic targeting of industries vital to the supply chain.
The motives and origins of the ZipLine campaign remain unclear, although Check Point has identified overlapping digital certificates linking the attacks to infrastructure previously associated with TransferLoader attacks by a threat cluster known as UNK_GreenSec. This campaign exemplifies how threat actors exploit legitimate business workflows, leveraging trust to bypass security scrutiny. Unlike previous methods that relied on urgency and scare tactics, ZipLine employs a more patient approach, drawing victims into extended dialogues before delivering malicious payloads. The attack chain features multi-stage payloads, in-memory execution, and DNS-based command-and-control channels, allowing the attackers to operate discreetly. The ZIP files contain a Windows shortcut (LNK) that launches a PowerShell loader, which in turn deploys the custom MixShell implant.
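The delivery step described above (a ZIP archive carrying a Windows shortcut that launches PowerShell) is something a mail gateway or upload handler can screen for before the file reaches a user. The following is an added example, not code from Check Point Research or from the article; it inspects a ZIP in memory, flags entries that are LNK files by extension or by the Shell Link header magic, and reports whether the shortcut embeds a scripting-host name and whether it hides behind a double extension. The sample archive it builds is constructed for the demonstration and is not a captured campaign artifact.

```python
import io
import zipfile

# Magic bytes of a Windows Shell Link (.lnk): HeaderSize 0x4C followed by
# the ShellLink CLSID 00021401-0000-0000-C000-000000000046 in little-endian form.
LNK_MAGIC = b"\x4c\x00\x00\x00\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"

# Host binaries a shortcut rarely needs to reference in a legitimate document bundle.
SUSPICIOUS_TOKENS = (b"powershell", b"pwsh", b"cmd.exe", b"mshta", b"rundll32")

MAX_ENTRY_BYTES = 1024 * 1024  # cap per-entry reads so a decompression bomb cannot exhaust memory


def looks_like_lnk(data: bytes, name: str) -> bool:
    """An entry counts as a shortcut if it is named .lnk or carries the LNK header."""
    return name.lower().endswith(".lnk") or data.startswith(LNK_MAGIC)


def has_double_extension(name: str) -> bool:
    """Flags masquerades such as 'Agreement.pdf.lnk' (a file name with two extensions)."""
    base = name.rsplit("/", 1)[-1]
    return len(base.split(".")) > 2


def lnk_indicators(data: bytes) -> list:
    """Returns the suspicious host names found in the shortcut, whether stored as
    ASCII or as UTF-16LE (the encoding LNK string data normally uses)."""
    lowered = data.lower()  # bytes.lower() only touches ASCII letters, which is what we want
    hits = []
    for tok in SUSPICIOUS_TOKENS:
        if tok in lowered or tok.decode().encode("utf-16-le") in lowered:
            hits.append(tok.decode())
    return hits


def scan_zip(zip_bytes: bytes) -> list:
    """Inspects every entry of a ZIP held in memory and returns one finding per shortcut."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            with archive.open(info) as fh:
                data = fh.read(MAX_ENTRY_BYTES)
            if not looks_like_lnk(data, info.filename):
                continue
            findings.append({
                "name": info.filename,
                "indicators": lnk_indicators(data),
                "double_extension": has_double_extension(info.filename),
            })
    return findings


def verdict(findings: list) -> str:
    """Any shortcut in a business-document archive is worth holding for review."""
    return "suspicious" if findings else "clean"


def build_sample_zip(include_lnk: bool = True) -> bytes:
    """Constructed sample archive (not a real campaign file): a benign text file and,
    optionally, a minimal shortcut whose target string names PowerShell."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("README.txt", "Thanks for your interest, please see the attached agreement.")
        if include_lnk:
            fake_lnk = LNK_MAGIC + b"\x00" * 56 + "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShell.exe".encode("utf-16-le")
            archive.writestr("Agreement.pdf.lnk", fake_lnk)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("with shortcut", build_sample_zip(True)), ("clean", build_sample_zip(False))):
        found = scan_zip(blob)
        print(f"{label}: {verdict(found)} {found}")
```

The scanner does not parse the full LNK structure; matching the header magic and searching the string data is enough to quarantine an archive for analyst review, which is the point in a gateway. Extending it to decode the LNK target and argument fields would give a more precise signal at the cost of a proper parser.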
Categories: Cybersecurity Threats, Social Engineering Tactics, Supply Chain Vulnerabilities
Tags: Social Engineering, Supply Chain, In-Memory Malware, MixShell, Cybersecurity, Phishing, Contact Us Form, Industrial Manufacturing, Command-and-Control, AI Transformation