Russia-Linked Cybercriminals Use Legitimate Tools in Attacks on German Firms
Earlier this year, Prevailion's security researchers identified a TA505 campaign targeting German companies with fake job application emails, but the attacks appear to have started in June 2019, or even the month before.
Through the use of legitimate tools that are unlikely to be removed by traditional security software, the attackers can perform a broad range of activities, such as stealing files, capturing screens, and even recording audio.
The security researchers discovered that the June 2019 attacks also included a ransomware component and GPG suite files.
The infrastructure in these attacks overlaps with that used in a set of attacks observed in February 2020, suggesting that the same threat actor is behind both.
The new attacks employ a loader apparently called rekt, which was designed to contact Google Drive to download additional files.