Civil Engineering
Breach intelligence, attack campaigns, and threat reports targeting the Civil Engineering sector.
Civil Engineering Threat Reports
Critical Vulnerability in Carlson VASCO-B GNSS Receiver (CVE-2026-3893)
In April 2026, a critical vulnerability (CVE-2026-3893) was identified in Carlson Software's VASCO-B GNSS Receiver versions prior to 1.4.0. This flaw, due to missing authentication mechanisms, allows remote attackers to alter system configurations and disrupt device operations without requiring credentials. The vulnerability has a CVSS score of 9.4, indicating its severity, and primarily affects the Critical Manufacturing sector globally. ([socdefenders.ai](https://www.socdefenders.ai/item/3f9fa938-de90-494a-99b5-bc0ba05499a8?utm_source=openai)) The incident underscores the importance of securing GNSS receivers, which are integral to infrastructure operations. Organizations are advised to update to version 1.4.0 or later, minimize network exposure of control systems, implement firewalls, and use secure remote access methods like VPNs to mitigate potential risks. ([socdefenders.ai](https://www.socdefenders.ai/item/3f9fa938-de90-494a-99b5-bc0ba05499a8?utm_source=openai))
2 months ago
Russian Access Broker Sentenced to 81 Months for Facilitating Ransomware Attacks
In March 2026, Russian national Aleksei Volkov was sentenced to 81 months in a U.S. federal prison for his role as an initial access broker for ransomware groups, notably Yanluowang. Operating between July 2021 and November 2022, Volkov exploited vulnerabilities in corporate networks, selling access to ransomware operators. His activities led to over $9 million in confirmed losses and more than $24 million in intended losses across multiple U.S. businesses, including an engineering firm and a bank. Two victims paid a combined $1.5 million in ransom. This case underscores the evolving tactics of ransomware groups, which now include harassment and distributed denial of service attacks to pressure victims. The sentencing highlights the increasing legal consequences for cybercriminals and the importance of robust cybersecurity measures to prevent such breaches.
3 months ago
RomCom Exploits SocGholish Loader in U.S. Civil Engineering Breach
In June 2025, a U.S.-based civil engineering firm was targeted by the RomCom cybercriminal group leveraging the SocGholish JavaScript loader to deliver the advanced Mythic Agent malware. This marked the first known instance of RomCom using SocGholish for payload distribution. Attackers gained initial access through fake browser update lures hosted on compromised websites, allowing them to deploy the remote access trojan (RAT) and establish persistent control within the victim’s network. The attack resulted in exposure of sensitive engineering data and raised concerns regarding lateral movement and potential data exfiltration. This incident illustrates the ongoing trend of converging threat actor tactics, with attackers combining phishing, living-off-the-land tools, and stealthy malware loaders to increase their reach. As cybercriminal organizations diversify their infection vectors, organizations must swiftly adapt their detection and response strategies.
5 months ago
Chinese APT Exploits ArcGIS Tool for Stealthy Persistence and Credential Theft
In 2025, a Chinese state-sponsored Advanced Persistent Threat (APT) group, attributed to Flax Typhoon, maintained over a year of undetected access to an organization's network by exploiting a public-facing ArcGIS geo-mapping server. The attackers leveraged stolen administrator credentials to upload a malicious Java Server Object Extension (SOE) acting as a covert web shell, allowing them to execute commands via a REST API and escalate privileges internally. Persistence was further established by deploying SoftEther VPN Bridge, enabling encrypted outbound connectivity and facilitating lateral movement, data exfiltration, and credential harvesting within the victim's environment. This incident underscores the increasing sophistication of APTs exploiting legitimate third-party software and obscure admin features for stealthy, long-term persistence. The method's novelty, combined with highly targeted credential theft and the use of living-off-the-land techniques, highlights urgent gaps in detection, segmentation, and secure configuration, especially in public-facing or critical GIS applications.
5 months ago