Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware
ID: 03eec74e-9384-578d-9ab9-c1965c3560ba
STIX ID: report--03eec74e-9384-578d-9ab9-c1965c3560ba
Feed Name: infostealers.com
Proofpoint observed a targeted campaign that abuses compromised legitimate email accounts within ongoing threads to distribute multiple malware families (Lumma Stealer, StealC, NetSupport, DanaBot, Arechclient2) to North American transportation and logistics companies. Delivery relies on .URL attachments, SMB-hosted executables, and a ClickFix Base64 PowerShell flow. The brief includes numerous SHA256 hashes and URLs as IOCs and assesses the activity as financially motivated cybercrime.
