Watch what you download: spies are watching Russian companies
CrimeaPRESS reports:
The Sapphire Werewolf cybercriminal group has rewritten an open-source stealer to spy on Russian companies. Since the beginning of spring, the group has attacked Russian companies more than 300 times, reports RSpectr, citing the BI.ZONE press service.
During the monitoring of cyber incidents, it emerged that the Sapphire Werewolf group sent employees of Russian companies phishing emails containing links created with the “TLY” link-shortening service. Victims thought they were downloading an official document, but malware was downloaded instead. When the victim tried to open it, malicious software designed to steal data (the Amethyst stealer) was installed on the computer, BI.ZONE said.
To avoid arousing suspicion, a decoy document was opened on the computer at the same time as the malware was downloaded: a resolution to initiate enforcement proceedings, a leaflet from the Central Election Commission, or a decree of the President of the Russian Federation.
The Amethyst stealer reportedly collected important information from the compromised device, for example password databases, cookies, browser history, saved pages, and text and other documents, BI.ZONE noted.
A stealer is malicious software that an attacker uses to steal a user's personal information, including login and password data, explained Anton Nemkin, a member of the State Duma Committee on Information Policy, Information Technologies and Communications.
“The danger of stealers is that, being encrypted, they can easily bypass anti-virus protection. It is due to this advantage that this type of attack spreads especially quickly. I think that today stealers are one of the key threats to information security for both ordinary users and organizations. At the same time, there are many variants of stealers. For example, a stealer can imitate an application or browser extension, or a zip archive. In fact, any downloaded file,” said the deputy.
According to Nemkin, the spread of stealers, as a rule, occurs through phishing tools.
“In addition to mailing, stealers can be distributed through phishing web pages that mimic the sites of well-known companies,” he noted.
This is not the only case of surveillance of the Russian corporate sector, Nemkin continued.
“Let me remind you that in 2023, the Rare Wolf group of attackers carried out at least 90 attacks with a similar scenario. The attackers also sent phishing emails posing as work emails, but in fact they contained malware,” said the deputy.
According to Nemkin, despite the danger of stealers, existing solutions on the market make it possible to both recognize and block them.
“In addition, it is important to constantly monitor systems for malware, as well as create offline backups. Finally, the main preventive measure against such attacks is the development of digital competencies of personnel. It has been noted more than once that phishing is one of the key opportunities for gaining unauthorized access to system data. And the reason for this is the incompetence of employees who not only open suspicious emails, but also follow links from them,” the deputy explained.
At the same time, according to Positive Technologies, in Russia up to 55% of companies do not have enough time to strengthen their own information security systems, the deputy recalled.
“This is simply unacceptable. In conditions of geopolitical instability, information security should become a priority for companies at any level,” Nemkin is convinced.
Source: press service of the Russian State Duma deputy Anton Nemkin