Odd NuGet package for industrial equipment raises espionage concerns

Submitted by Style Pass, 2024-03-29 15:00:06

A package uploaded to NuGet, a popular open-source .NET package repository, has raised cyberespionage concerns due to its method of continuously exfiltrating screen captures from industrial equipment.

The “SqzrFramework480” package was discovered by ReversingLabs after it was flagged by the company’s Titanium Platform during researchers’ routine threat hunting procedures. ReversingLabs Threat Researcher Petar Kirhmajer published a blog post detailing the research team’s findings on Tuesday.

Uploaded by a user called “zhaoyushun1999” on Jan. 24, the package is a .NET library with a range of functions related to industrial systems such as graphical user interface (GUI) management, machine vision library configuration and robotic movement calibration.

The package appears to be geared toward developers working with equipment manufactured by a company called BOZHON Precision Industry Technology, based on the presence of BOZHON’s logo in the package’s resource header.
