Spear phishing attack hits more than 400 industrial companies
Researchers at Kaspersky Lab have detected a new wave of spear phishing attacks disguised as legitimate procurement and accounting letters, that have hit more than 400 industrial organizations.
The emails have targeted approximately 800 employee PCs, mostly in Russian companies, with the goal of stealing money and confidential data from the organizations, which could then be used in new attacks.
The emails are disguised as legitimate procurement and accounting letters, containing content that corresponded to the profile of the attacked organizations and took into account the identity of the employee -- the recipient of the letter. The attackers addressed the targeted victims by name, suggesting that the attacks were carefully prepared and that criminals took the time to develop an individual letter for each user.
If recipients clicked on the malicious attachments, modified legitimate software was discreetly installed on the computer so that criminals could connect to it and examine documents and software related to procurement, financial and accounting operations. Furthermore, the attackers were looking for different ways to commit financial fraud, such as changing details in payment bills in order to withdraw money for their benefit.
They also uploaded additional software to give themselves extra capabilities. This included spyware, additional remote administration tools that extend the control of attackers on infected systems and malware to exploit vulnerabilities in the operating system, as well as the Mimikatz tool that allows users to obtain data from Windows accounts.
"The attackers demonstrated a clear interest in targeting industrial companies in Russia," says Vyacheslav Kopeytsev, security expert at Kaspersky Lab. "Based on our experiences, this is likely to be due to the fact that their level of cybersecurity awareness is not as high as it is in other markets, such as financial services. That makes industrial companies a lucrative target for cybercriminals -- not only in Russia, but across the world."
You can find out more about the attacks on the Kaspersky blog.