Content |
History
2024: Russian government agencies were hit by cyber attacks using viruses disguised as "Google Tables"
The hacker group Cloud Atlas has begun using cloud services Google to carry out phishing attacks on government agencies. Russia This became known on December 16, 2024 from the data of Positive Technologies.
According to CNews, a series of cyber attacks began in October 2024. Attackers sent official requests for information with links to malicious templates, which, through a vulnerability in the Microsoft Equation formula editor, launched malicious scripts.
Alexander Grigoryan, deputy head of the department for integrated response to cyber threats at the Positive Technologies security expert center, said: "The main difference from earlier attacks is that cybercriminals used a document created in the Google Sheets online application instead of a standard S2."
According to the Solar group of companies, the share of custom cyber attacks on Russian organizations reached 44% by the fall of 2024, having more than quadrupled compared to 2023. Up to 60% of successful attacks were carried out by professional hackers.
As a result of attacks on victims' devices, a PowerShower backdoor is delivered, used for espionage and data theft. The Cloud Atlas group, which has been operating since 2014, is constantly improving its methods and tools.
Positive Technologies recommends that organizations implement tiered protection of IT infrastructure, use network sandboxes, behavioral traffic analysis systems and next-generation firewalls.
Gennady Sazonov, engineer of the Solar 4RAYS incident investigation group, notes an increase in the number of attacks related to cyber espionage. According to him, attackers often indicate the presence of an interested third party.
According to Informzaschita, about 80% of successful attacks are complex incidents, including espionage and data encryption. The main goals were government agencies, industrial enterprises, scientific and educational organizations.[1]