Russia-Linked Cybercriminals Use Legitimate Tools in Attacks on German Firms (Security News, March 2020)
Earlier this year, Prevailion's security researchers identified a TA505 campaign targeting German companies with fake job application emails, but the attacks appear to have started in June 2019, or even the month before.
Through the use of legitimate tools that are unlikely to be removed by traditional security software, the attackers can perform a broad range of activities, such as stealing files, capturing screens, and even recording audio.
The security researchers discovered that the June 2019 attacks also included a ransomware component and GPG suite files.
The infrastructure in these attacks overlaps with that used in a set of attacks observed in February 2020, suggesting that the same threat actor is behind both.
The new attacks employ a loader apparently called rekt, which was designed to contact Google Drive to download additional files.