Russian Hacker Group Continues Stealing Money From Industrial Enterprises
Now, the security researchers reveal that the attackers have updated their techniques and that the number of victim organizations has increased.
In recent attacks, the hackers started using actual documents related to the organization's activity, including scanned copies of memos, letters, and procurement documentation forms, seemingly stolen in earlier attacks.
In previous attacks, the hackers employed malicious DLLs to hide TeamViewer's user interface and keep the attack out of sight.
Victims of these attacks include Russian companies from the manufacturing, oil and gas, metal industry, engineering, energy, construction, mining, and logistics sectors.
"Clearly, the attackers' remote access to infected systems also poses other threats, such as the organization's sensitive data being leaked, systems being put out of operation, etc. As the latest events have shown, the attackers use documents that were probably stolen from organizations to carry out subsequent attacks, including attacks on victim companies' partners," Kaspersky concludes.