Russia-Linked Cybercriminals Use Legitimate Tools in Attacks on German Firms
2020-03-20 13:25

Earlier this year, Prevailion's security researchers identified a TA505 campaign targeting German companies with fake job application emails, but the attacks appear to have started in June 2019, or even the month before.

Through the use of legitimate tools that are unlikely to be removed by traditional security software, the attackers can perform a broad range of activities, such as stealing files, capturing screens, and even recording audio.

The security researchers discovered that the June 2019 attacks also included a ransomware component and GPG suite files.

The infrastructure in these attacks overlaps with that used in a set of attacks observed in February 2020, suggesting that the same threat actor is behind both.

The new attacks employ a loader apparently called rekt, which was designed to contact Google Drive to download additional files.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/avTPIA9cNkk/russia-linked-cybercriminals-use-legitimate-tools-attacks-german-firms