China Embedding Malware in Inventory Scanners
Posted by w_thames_the_d on August 1, 2014
Chinese phone manufacturers such as Xiaomi and the anonymous producer of the Star N9500 have been proven to ship cell phones which covertly connect to Beijing servers and transmit data to them. The N9500 was built for data theft and credit card info, and the Xiaomi Redmi merely told the communists in Beijing what you were texting and carbon copied them all your photos. This inventory scanner is a different beast altogether.
The Chinese company behind this mother of all thieves was really double dipping. Not only did it earn cash from selling an inventory management product, but from selling sensitive company information as well. Take a look, ‘Financial and business information was stolen from several shipping and logistics firms by sophisticated malware hiding in inventory scanners manufactured by a Chinese company.
The supply chain attack, dubbed “Zombie Zero,” was identified by security researchers from TrapX, a cybersecurity firm in San Mateo, California, who wrote about it in a report released Thursday.’
So this Chinese company designs malware into the units and then steals sensitive data such as inventory and financials. And here is how they did it.
‘”The attackers were exfiltrating all [stolen information] to a database,” says Carl Wright, general manager of TrapX. “They are very focused on manifests — what’s in it, what’s the value of it.”
Once the scanner is connected to the victim’s wireless network, it attacks the corporate network via the server message block (SMB) protocol, and the scanned information, including origin, destination, contents, value, and shipper and recipient information, is sent to a botnet that terminates at the Lanxiang Vocational School purportedly located in the Shandong province in China. The school has been linked to the infamous Operation Aurora cyber espionage campaign that hit Google, Adobe, Intel, and many other major US firms more than four years ago, and is located one block from the inventory scanner manufacturer in question, according to TrapX.
The botnet then sends the scanner a second piece of malware that targets the victim’s corporate financial, customer, shipping, and manifest information. “That was able to take control of the ERP [enterprise resource planning] system,” he says. This would, among other things, allow the attacker to make a package “disappear” or “reappear,” he says. The attack targets a specific, major ERP system, says Wright, who declined to reveal the name of the product due to an investigation into the attacks.
He says it’s difficult to discern if the attackers are after the logistics firms themselves or their customers.
“The exfiltration of all financial data as well as CRM data was achieved providing the attacker complete situational awareness and visibility into the shipping and logistics targets’ worldwide operations,” TrapX said in a report it published today on the attacks.
The poisoned inventory scanners echo previous concerns raised by the US government about doing business with Chinese technology companies. Huawei, Lenovo, and ZTE were among those firms called out by US officials in the past amid concerns their products could be backdoored with cyberspying malware.’
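The quoted description gives a defender two concrete behaviours to look for: a handheld scanner that should only ever talk to its inventory server suddenly speaking SMB into the corporate LAN, and the same device opening connections to an outside host, sending data out and pulling a sizeable second payload back in. The script below is an added example written for this post, not code from the article, from TrapX, or from the blog author. It turns those behaviours into a simple traffic-profile check over flow records: anything a scanner does other than reach its one approved server is flagged. The scanner subnet, the inventory server address, the log lines and the download threshold are all constructed for the example.

```python
"""Added example: flag an inventory scanner (or any embedded device) that steps
outside its expected traffic profile. The rules mirror the two behaviours the
article describes: SMB into the corporate LAN, and egress to an external host
that also returns a large payload. Every address, port and log line is constructed."""
import ipaddress
from typing import List, Optional, Tuple

# Constructed network layout for the example.
SCANNER_NET = ipaddress.ip_network("10.20.0.0/24")   # wireless VLAN the scanners sit on
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ALLOWED_DESTS = {("10.10.5.20", 443)}                # the only server a scanner should talk to
SMB_PORTS = {139, 445}
LARGE_DOWNLOAD_BYTES = 1_000_000                     # inbound volume that looks like a payload

# Constructed flow records: timestamp src dst dport proto bytes_out bytes_in
SAMPLE_FLOWS = """\
2014-07-10T08:00:01 10.20.0.15 10.10.5.20 443 tcp 4200 900
2014-07-10T08:00:07 10.20.0.15 10.10.7.33 445 tcp 12000 3400
2014-07-10T08:01:15 10.20.0.15 198.51.100.23 443 tcp 850000 2100000
2014-07-10T08:02:00 10.10.7.33 10.10.5.20 443 tcp 500 200
2014-07-10T08:02:30 10.20.0.16 10.10.9.4 8080 tcp 300 100
"""


def parse_flow(line: str) -> dict:
    """Split one whitespace-separated flow record into typed fields."""
    ts, src, dst, dport, proto, out_b, in_b = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport),
            "proto": proto, "bytes_out": int(out_b), "bytes_in": int(in_b)}


def is_internal(ip: str) -> bool:
    """Explicit RFC 1918 check; ipaddress.is_private also counts documentation
    ranges as private, which is not what we want for an egress rule."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def classify(flow: dict) -> Optional[str]:
    """Return a verdict for flows that originate from a scanner, None if benign."""
    if ipaddress.ip_address(flow["src"]) not in SCANNER_NET:
        return None                          # not a scanner; outside this rule set
    if (flow["dst"], flow["dport"]) in ALLOWED_DESTS:
        return None                          # the one conversation the device should have
    if flow["dport"] in SMB_PORTS and is_internal(flow["dst"]):
        return "smb-from-embedded-device"    # a barcode scanner has no business on file shares
    if not is_internal(flow["dst"]):
        if flow["bytes_in"] >= LARGE_DOWNLOAD_BYTES:
            return "external-egress-with-large-download"   # sending out and pulling a payload in
        return "external-egress"
    return "unexpected-internal-destination"


def detect(log_text: str) -> List[Tuple[str, str, str]]:
    """Run the rules over raw log lines; returns (timestamp, src, verdict) per alert."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        verdict = classify(flow)
        if verdict:
            alerts.append((flow["ts"], flow["src"], verdict))
    return alerts


if __name__ == "__main__":
    for ts, src, verdict in detect(SAMPLE_FLOWS):
        print(f"{ts} {src} {verdict}")
```

The point of the allowlist is that an embedded device's legitimate traffic is tiny and fixed, so the rule does not need to know what the malware looks like; it only needs to know what the scanner is supposed to do and alert on everything else. On a real network the scanner VLAN and the approved server would come from the asset inventory, and the flows from a firewall or NetFlow export rather than a string.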
Which basically means that China has proven they can and will compromise any product from their country, which should only lead us to ask, ‘Why are we buying their stuff anymore?’