‘Operation Sugarush’ Mounts Concerning Spy Effort on Shipping, Healthcare Industries
Researchers at Mandiant have identified a Persian-speaking threat group targeting a range of industries, such as healthcare and energy, with a specific focus on the shipping sector. Mandiant has named the group UNC3890. The threat group uses email social-engineering lures and a watering hole hosted on the login page of legitimate shipping companies. This allows the group to disguise its malicious activity. The group mainly targets Israeli victims; however, multinational companies could also be at risk. If a company with a broad scope of activity were targeted, the threat could potentially have a global impact on the shipping industry.
The threat actor attempts to steal credentials to gain initial access to a targeted organization. Espionage appears to be UNC3890's main motivation for the attacks. Mandiant states that the threat actor’s activity in the shipping sector is the most concerning, as it could have global impacts. In addition, the intelligence gathered on the Israeli companies could be used to launch more aggressive efforts.