2023/06/08 12:38:05

Core Werewolf (hacker group)

2023: Hackers spy on Russian military-industrial complex companies through legitimate programs

Hackers spy on companies in the military-industrial complex (MIC) of Russia through legitimate programs. Bi.Zone specialists reported this on June 8, 2023.

They analyzed the documents that criminals from the Core Werewolf cyber group used to distract the attention of victims, and found out: the main targets of spies were Russian organizations associated with the defense industry and critical infrastructure.

To penetrate the institutions, the attackers used phishing emails with links to dangerous files disguised as docx and pdf documents: decrees and orders, manuals, memos and resumes. When opening such a file, the user saw the declared document, while UltraVNC was installed on the device in the background. UltraVNC is legitimate software that is often used to connect to a computer remotely. The attackers thus gained access to the compromised device.

"Today, groups are increasingly abandoning malware in favor of legitimate or embedded tools in the operating system. The example of Core Werewolf once again proves the effectiveness of such methods in human-controlled attacks," said Oleg Skulkin, head of the BI.Zone cyber intelligence department.

To reduce the risks of such attacks, it is necessary to build both a reactive and a proactive approach to detecting cyber threats, according to BI.Zone. They also recommend protecting email with specialized solutions that block malicious emails. In addition, it is necessary to establish monitoring of cybersecurity events in order to track suspicious behavior of legitimate programs.[1]
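The monitoring recommendation above can be sketched as a rule over process-creation events. This is an added example, not code from BI.Zone or the article: the event fields, the watchlist entry `winvnc.exe` (UltraVNC's server binary), the approved directories and parent process, and the double-extension check are assumptions, and the sample events are constructed.

```python
import ntpath

# Assumed, site-specific values (not from the article).
REMOTE_ADMIN_BINARIES = {"winvnc.exe"}  # UltraVNC server executable
APPROVED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")
APPROVED_PARENTS = {"services.exe"}
DOC_EXTS = (".docx", ".pdf")
EXEC_EXTS = (".exe", ".scr", ".com")


def looks_like_disguised_document(path):
    """True for names such as 'order.pdf.exe': document extension, then executable."""
    stem, ext = ntpath.splitext(ntpath.basename(path).lower())
    return ext in EXEC_EXTS and stem.endswith(DOC_EXTS)


def review_event(event):
    """Return the list of reasons a process-creation event deserves review."""
    image = event["image"].lower()
    parent = event["parent_image"].lower()
    if ntpath.basename(image) not in REMOTE_ADMIN_BINARIES:
        return []
    reasons = []
    if not image.startswith(APPROVED_DIRS):
        reasons.append("remote-admin tool outside approved install directory")
    if ntpath.basename(parent) not in APPROVED_PARENTS:
        reasons.append("unexpected parent process")
    if looks_like_disguised_document(parent):
        reasons.append("parent is an executable named like a document")
    return reasons


def flag_events(events):
    """Map host -> reasons for every event with at least one finding."""
    return {e["host"]: r for e in events if (r := review_event(e))}


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},
    {"host": "ws-02", "image": r"C:\Users\a.ivanov\AppData\Local\Temp\winvnc.exe",
     "parent_image": r"C:\Users\a.ivanov\Downloads\order_114.pdf.exe"},
    {"host": "ws-03", "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    print(flag_events(SAMPLE_EVENTS))
```

Only `ws-02` is flagged: the approved installation on `ws-01` and the unrelated process on `ws-03` produce no findings.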

Notes