Hackers track where shipments go with tainted inventory scanners

Manufacturing // Other Critical Infrastructure // United States

Malicious software has been found on tools at seven shipping and logistics companies across the globe that pulled the firms’ financial, customer and operational data into a Chinese botnet. 

Cyber outfit TrapX first detected the malware in scanner software about six months ago while doing security testing for one shipping company. The botnet — a network of infected computers that is controlled as a group without its owners knowing — was traced to the Lanxiang Vocational School, which is speculated to serve as a hub of anti-U.S. hacking.

TrapX found infections on 16 of its customer’s 48 scanners made by a Chinese manufacturer located near the school.

“This is a serious supply-chain issue,” says Carl Wright, general manager of North America for TrapX. “It was only a matter of time before people took advantage of the supply chain to infiltrate our organizations.”

After discovering the intrusions, the security company contacted other customers of the scanner manufacturer and realized their scanners had the same malware.

Logistics firms use the scanners to track shipments and the attackers were very focused on manifests – what was listed there and the value of the items, according to Dark Reading.

“Once the scanner is connected to the victim's wireless network, it attacks the corporate network,” the news website reports. The control mechanisms of the malware would, among other things, allow the attacker to make a package disappear or reappear.

The manufacturer denies culpability.

"All scanner attacks targeted very specific corporate servers,” according to a report released by TrapX. “The attack looked for and compromised servers that had the word 'finance' in their Host name.”