ZipLine campaign expands across multiple victims
Campaign
Summary
Hide ▲
Show ▼
The ZipLine campaign is targeting supply chain-critical manufacturing companies through public Contact Us forms, using weeks-long social engineering before sending weaponized ZIP files that deliver MixShell. The operation spans multiple organizations across sectors and countries, increasing the risk of IP theft, business email compromise, and supply-chain disruption.
Related Happenings
The Gentlemen affiliate-driven RaaS expansion and enterprise scale-up
Threat Actor Meta
H score57
First: 21.04.2026 17:00
Last: 21.04.2026 17:00
Sources 1
About this happening:
**The Gentlemen** ransomware-as-a-service operation is using an operator-maintained **EDR-killer** portfolio, led by **GentleKiller**, to disable security software before encrypti...
The Gentlemen affiliate-driven RaaS expansion and enterprise scale-up
Threat Actor MetaAbout this happening: **The Gentlemen** ransomware-as-a-service operation is using an operator-maintained **EDR-killer** portfolio, led by **GentleKiller**, to disable security software before encrypti...
DOJ terminates Google-Wiz acquisition investigation
Regulatory/Legal Action
H score26
First: 01.12.2025 15:00
Last: 01.12.2025 15:00
Sources 1
About this happening:
The **US Department of Justice** terminated its investigation into **Google's acquisition of Wiz**, clearing a major regulatory hurdle for the **cybersecurity deal**. The transact...
DOJ terminates Google-Wiz acquisition investigation
Regulatory/Legal ActionAbout this happening: The **US Department of Justice** terminated its investigation into **Google's acquisition of Wiz**, clearing a major regulatory hurdle for the **cybersecurity deal**. The transact...
UNK_SmudgedSerpent overlaps with TA453 TA455 and TA450 campaign expands across multiple victims
Campaign
H score18
First: 05.11.2025 18:00
Last: 05.11.2025 18:00
Sources 1
About this happening:
**UNK_SmudgedSerpent** is a **previously unknown** campaign that targeted **academics** and **foreign policy experts** focused on **Iran** and related policy issues between **June...
UNK_SmudgedSerpent overlaps with TA453 TA455 and TA450 campaign expands across multiple victims
CampaignAbout this happening: **UNK_SmudgedSerpent** is a **previously unknown** campaign that targeted **academics** and **foreign policy experts** focused on **Iran** and related policy issues between **June...
ScreenConnect and NetSupport abuse for freight cargo hijacking
Malware Activity
H score29
First: 03.11.2025 18:46
Last: 03.11.2025 18:46
Sources 1
About this happening:
Malicious deployment of **ScreenConnect**, **NetSupport**, and related **RMM tools** is giving attackers remote control over **freight-broker** and **trucking carrier** systems, e...
ScreenConnect and NetSupport abuse for freight cargo hijacking
Malware ActivityAbout this happening: Malicious deployment of **ScreenConnect**, **NetSupport**, and related **RMM tools** is giving attackers remote control over **freight-broker** and **trucking carrier** systems, e...
Repeated malicious campaigns targeting North American freight companies in September-October 2025
Trend
H score37
First: 03.11.2025 17:00
Last: 03.11.2025 17:00
Sources 1
About this happening:
**North American freight companies** faced a sustained surge of malicious campaign activity in **September and October 2025**, with operators running **nearly two dozen campaigns*...
Repeated malicious campaigns targeting North American freight companies in September-October 2025
TrendAbout this happening: **North American freight companies** faced a sustained surge of malicious campaign activity in **September and October 2025**, with operators running **nearly two dozen campaigns*...
Timeline
-
26.08.2025 16:30 1 articles · 10mo ago
ZipLine campaign targets supply chain manufacturers via Contact Us forms
Initial DisclosureCheck Point Research disclosed the ZipLine campaign targeting supply chain-critical manufacturing companies and related sectors through public Contact Us forms, weeks-long credible exchanges, fake NDAs, and weaponized ZIP files that deliver the MixShell in-memory malware. The activity spans multiple organizations across the U.S., Singapore, Japan, and Switzerland and uses LNK-triggered PowerShell, DNS tunneling, HTTP fallback C2, and scheduled-task persistence, creating risks of intellectual property theft, business email compromise, account takeovers, ransomware, and supply-chain disruption.
Show sources
- MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers — thehackernews.com — 26.08.2025 16:30