Security News > 2020 > March > Russian Hackers Exploited Windows Flaws in Attacks on European Firms
Financially-motivated hackers believed to be operating out of Russia recently targeted companies in Western Europe, and the attacks apparently involved a combination of two Windows vulnerabilities that Microsoft did not expect to be exploited.
According to Singapore-based cybersecurity firm Group-IB, the threat groups tracked as TA505 and Silence - the company previously found links between the two groups - targeted at least two pharmaceutical and manufacturing companies in Belgium and Germany in late January.
The attacks have been attributed to Silence and TA505 based on the used tools, but it's possible that only one of them was involved.
Group-IB researchers uncovered this exploit on the attacker' servers and they believe it was likely deployed in the campaign targeting European companies.
The attacks involved trojanized resumes sent to the human resources department at targeted businesses.
News URL
Related news
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- 100+ domains seized to stymie Russian Star Blizzard hackers (source)
- Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant (source)
- Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)