Hundreds of Russian Companies Attacked with Extremely Personalized Spear-Phishing E-Mails

An advanced and newly-launched phishing campaign is reportedly aiming attack on Russian companies representing various industrial sectors. The development once again shows what way cyber-criminals relentlessly make better their enticement tactics over premium end-users so they may install malicious software onto their computers.

Kaspersky Lab the Russia based security vendor has released one technical advisory stating about its observation of a fresh surge in spear-phishing electronic mails craftily masqueraded as accounting or procurement correspondences that are getting dispatched to cautiously chosen persons working in companies chiefly within Russia. As always happens, the criminals are aiming at project-management and finance department staff of these companies, while mainly seeking to filch their funds. Incidentally, spear-phishing represents one type of phishing operation wherein specially crafted electronic mails are dispatched to specific entities. The e-mails pretend to be relevant and genuine, however, actually consist of harmful content like malicious software, while entice the potential victim towards revealing sensitive private data.

Addressing the specifically selected persons by their first to last names, the spear-phishing e-mails typically invite for tender bids which match with the persons' area of work and their organizations' business. The malware-laced files attached to the e-mails are so named that they indicate certain association with finance. Occasionally, the e-mails don't have any attachments; however, contain web-links to sites that enable malware download onto the victims' computers.

The report by Kaspersky Labs elucidates that the phishing criminals are employing different ruses for masking infections. For instance, a message that dupes the victim into viewing an included attachment makes the particular attachment look like a procurement tender which installs one altered edition of some genuine program tool for hunting tenders but actually is bundled with malicious software.

This malicious software loads either the TeamViewer program alternatively something else purported to remotely control contaminated PCs for scanning those hijacked computers to obtain documents associated with procurement, accounting and/or financial activities with an objective towards utilizing them for aiding in executing financial fraud.

Hitherto, con artists responsible for the attack have reportedly hit 800-or-more PCs of 400 companies within the manufacturing, energy, construction, logistics and oil & gas industries.

» SPAMfighter News - 8/10/2018