ZipLine campaign expands across multiple victims

Campaign
First reported
Last updated
Happening score
H score 36
1 unique source, 1 article

Summary

The ZipLine campaign is targeting supply chain-critical manufacturing companies through public Contact Us forms, using weeks-long social engineering before sending weaponized ZIP files that deliver MixShell. The operation spans multiple organizations across sectors and countries, increasing the risk of IP theft, business email compromise, and supply-chain disruption.

Related Happenings

The Gentlemen affiliate-driven RaaS expansion and enterprise scale-up

Threat Actor Meta
First: 21.04.2026 17:00 Last: 21.04.2026 17:00 Sources 1

About this happening: **The Gentlemen ransomware gang** is using a **legitimate vulnerable driver** to defeat enterprise defenses, weaponizing **ThrottleStop.sys** as **ThrottleBlood.sys** to kill **AV...

DOJ terminates Google-Wiz acquisition investigation

Regulatory/Legal Action
First: 01.12.2025 15:00 Last: 01.12.2025 15:00 Sources 1

About this happening: The **US Department of Justice** terminated its investigation into **Google's acquisition of Wiz**, clearing a major regulatory hurdle for the **cybersecurity deal**. The transact...

UNK_SmudgedSerpent overlaps with TA453 TA455 and TA450 campaign expands across multiple victims

Campaign
First: 05.11.2025 18:00 Last: 05.11.2025 18:00 Sources 1

About this happening: **UNK_SmudgedSerpent** is a **previously unknown** campaign that targeted **academics** and **foreign policy experts** focused on **Iran** and related policy issues between **June...

ScreenConnect and NetSupport abuse for freight cargo hijacking

Malware Activity
First: 03.11.2025 18:46 Last: 03.11.2025 18:46 Sources 1

About this happening: Malicious deployment of **ScreenConnect**, **NetSupport**, and related **RMM tools** is giving attackers remote control over **freight-broker** and **trucking carrier** systems, e...

Repeated malicious campaigns targeting North American freight companies in September-October 2025

Target Trend
First: 03.11.2025 17:00 Last: 03.11.2025 17:00 Sources 1

About this happening: **North American freight companies** faced a sustained surge of malicious campaign activity in **September and October 2025**, with operators running **nearly two dozen campaigns*...

Timeline

  1. 26.08.2025 16:30 1 article · 9mo ago

    ZipLine campaign targets supply chain manufacturers via Contact Us forms

    Initial Disclosure

    Check Point Research disclosed the ZipLine campaign targeting supply chain-critical manufacturing companies and related sectors through public Contact Us forms, weeks-long credible exchanges, fake NDAs, and weaponized ZIP files that deliver the MixShell in-memory malware. The activity spans multiple organizations across the U.S., Singapore, Japan, and Switzerland and uses LNK-triggered PowerShell, DNS tunneling, HTTP fallback C2, and scheduled-task persistence, creating risks of intellectual property theft, business email compromise, account takeovers, ransomware, and supply-chain disruption.
