Russian Hacker Group Continues Stealing Money From Industrial Enterprises (Security News, November 2020)

Now, the security researchers reveal that the attackers have updated their techniques and that the number of victim organizations has increased.
In recent attacks, the hackers started using actual documents related to the organization's activity, including scanned copies of memos, letters, and procurement documentation forms, seemingly stolen in earlier attacks.
In previous attacks, the hackers employed malicious DLLs to hide TeamViewer's user interface and keep the attack out of sight.
Victims of these attacks include Russian companies from the manufacturing, oil and gas, metal industry, engineering, energy, construction, mining, and logistics sectors.
"Clearly, the attackers' remote access to infected systems also poses other threats, such as the organization's sensitive data being leaked, systems being put out of operation, etc. As the latest events have shown, the attackers use documents that were probably stolen from organizations to carry out subsequent attacks, including attacks on victim companies' partners," Kaspersky concludes.