advertisement
Over 400 industrial companies targeted with new financial spear-phishing emails
A new wave of financial spear-phishing emails disguised as legitimate procurement and accounting letters have hit at least 400 industrial organisations, designed…
A new wave of financial spear-phishing emails disguised as legitimate procurement and accounting letters have hit at least 400 industrial organisations, designed to make money for cybercriminals.
Russia has been the most affected since the series of attacks started back in autumn 2017 targeting several hundreds of company PCs in industries ranging from oil and gas, to metallurgy, energy, construction, and logistics.
“The attackers demonstrated a clear interest in targeting industrial companies in Russia. Based on our experiences, this is likely to be due to the fact that their level of cybersecurity awareness is not as high as it is in other markets such as financial services. That makes industrial companies a lucrative target for cybercriminals – not only in Russia, but across the world,” said Vyacheslav Kopeytsev, security expert at Kaspersky Lab.
According to Kaspersky Lab data, this wave of emails targeted around 800 employee PCs, with the goal of stealing money and confidential data from the organisations, which can then be used in new attacks.
advertisement
“The emails were disguised as legitimate procurement and accounting letters, containing content that corresponded to the profile of the attacked organisations and took into account the identity of the employee – the recipient of the letter. It is noteworthy that the attackers even addressed the targeted victims by name. This suggests that the attacks were carefully prepared and that criminals took the time to develop an individual letter for each user,” stated Kaspersky Lab researchers.
When the recipient clicked on the malicious attachments, modified legitimate software was discreetly installed on the computer so that criminals could connect to it, examine documents and software related to the procurement, financial and accounting operations.
“Furthermore, the attackers were looking for different ways to commit financial fraud, such as changing requisites in payment bills in order to withdraw money for their benefit,” added the researchers
advertisement
In the detected wave the criminals not only attacked industrial companies together with other organisations, they were predominantly focused on them. They sent out emails containing malicious attachments and try to lure unsuspecting victims into giving away confidential data, which they could then use to make money.
Kaspersky researchers states, “whenever criminals needed additional data or capabilities, such as obtaining local administrator rights or stealing user authentication data and Windows accounts to spread within the enterprise network, the attackers uploaded additional sets of malware, prepared individually for an attack on each victim.”
This included spyware, additional remote administration tools that extend the control of attackers on infected systems and malware to exploit vulnerabilities in the operating system, as well as the Mimikatz tool that allows users to obtain data from Windows accounts.