China-based threat actors are using sophisticated malware installed on handheld scanners to target shipping and logistics organizations from all over the world.
The attack, dubbed "Zombie Zero," has been analyzed by cybersecurity solutions provider TrapX, a company formerly known as CyberSense. According to TrapX, the attack begins at a Chinese company that provides hardware and software for handheld scanners used by shipping and logistics firms worldwide to inventory the items they're handling.
The Chinese manufacturer installs the malware on the Windows XP operating systems embedded in the devices. The threat is also distributed via the company's support website, the security firm noted in its report (PDF).
The scanners transmit the data they collect (origin, destination, value, contents, etc.) via the customer's wireless network. Once the customer starts using the device, the malware immediately sends this information back to a command and control (C&C) server located in China.