Alerts and Advisories

Advisory: Hostile state actors compromising UK organisations with focus on engineering and industrial control companies

Created:  05 Apr 2018
Updated:  05 Apr 2018
This advisory highlights the sustained risk to UK companies involved as well as providing further details on the activity and guidance for any organisations affected.

Introduction

The NCSC is aware of an ongoing attack campaign against multiple companies involved in the CNI supply chain. These attacks have been ongoing since at least March 2017. The targeting is focused on engineering and industrial control companies and has involved the harvesting of NTLM credentials via Server Message Block (SMB) using strategic web compromises and spear-phishing.

This advisory highlights the sustained risk to UK companies involved in these sectors as well as providing further details on the activity and guidance for any organisations affected. Further information on this activity was published on 15 March by the US Department of Homeland Security.

Download the advisory here or, alternatively, use the download tab at the top of this page.

NCSC advisory - CNI Supply Chain.pdf

PDF, 474.65KB

This file may not be suitable for users of assistive technology.

Hostile state actors compromising UK organisations with focus on engineering and industrial control companies

Was this information helpful?

We need your feedback to improve this content.

Yes No