A targeted series of attacks on suppliers of equipment and software for industrial enterprises is playing out globally, researchers say. The attacks seem bent on stealing Windows credentials in order to lay the groundwork for lateral movement inside a target network and follow-on activity. They have so far been seen being mounted on systems in Germany, Italy, Japan and the U.K. The kill chain starts with phishing emails, which are tailored and customized to the specific language for each victim. The data is hidden in the downloaded image, and is parsed out by the malware from pixels as defined by an algorithm in the script.
Source: https://threatpost.com/steganography-pinpoint-attacks-industrial-targets/156151/