A modern phishing campaign focusing on the industrial sector appears once again and demonstrated how attackers are continually enhancing at attracting high profile-clients into executing malware on their systems.
Kaspersky Lab on Wednesday issued a warning that said it has observed a wave of spear-phishing emails expertly disguised as procurement and accounting letters being sent to carefully selected individuals at companies mostly in Russia. The attackers typically targeted finance and project-management related employees at these companies, and the main goal appears to be to steal money from victim organizations.
Up until now, the people behind this campaign have infiltrated no less than 800 PCs in across over 400 companies in businesses, like manufacturing, energy, logistics, construction, oil, and gas.
The emails are typically routed to the intended target by their full name and contain content, for example, an invitation for delicate offers — that compares with their organization’s business and the person’s job activity.
The malevolent attachment in a large number of the email messages have names that propose an association with the finance. The attackers have been sending messages without any attachment, however, with URLs installed in the content to external websites from where malware can be downloaded to their system. The domain names from which the messages are sent are typically similar to the domain name of the organization that purportedly sent them.
The attackers have been using different strategies to hide the infection, Kaspersky Lab said in its report. On the off chance, if the client is deceived into opening a malicious link ready about tenders, for example, an altered software of a genuine program to search for tenders is installed on the victim’s computer with the malware.
The malware uses to install TeamViewer to remotely control the infected system. Cybercriminals are then using their remote access to investigate the compromised system for archives relating to finance, accounts, bookkeeping, and obtainment related activities with an intention to use them to extort money.
One strategy has been to change the details on the payment bills so that next time you pay an instalment it ends up in the hacker’s account. At the point when the hacker needs more data or access to a different system, they release extra malware to achieve that objective.
Kirill Kruglov, senior research developer at Kaspersky Lab said “the phishing campaign suggests that the attackers started the campaign last October and targeted a relatively short list of companies through March this year. There could be at least two explanations,” for why the attackers began small and then expanded their target list, Kruglov says. The attackers collected data during the attack month by month, or they tested the attack vector on some portion of the information they had before launching it in full scope.”
