FUD Zilla reports security researchers discovered that a Chinese manufacturer has been installing malware on its hand-held scanners to steal data from the supply chain. The security experts explain exfiltration of all financial data and ERP data was achieved, providing the attacker complete situational awareness and visibility into the logistic/shipping company’s worldwide operations.
TrapX says infected scanners made by an unnamed Chinese manufacturer located in Shandong province have been sold to eight unnamed firms including a large robotics company. The manufacturer denied knowledge that its scanners and website-hosted software were infected.
Sixteen of the 48 scanners deployed at one firm were infected, TrapX found. They all successfully sought out and compromised host names containing the word finance and siphoning off the logistical and financial data.