Researchers have uncovered a wave of attacks against industrial and engineering companies in the quest for cash.
According to Kaspersky, sensitive corporate financial data is the top target of the threat actors behind the campaign "Operation Ghoul," which operates primarily in the Middle East but is known to attack companies worldwide.
The researchers' report, published on Wednesday, says that cyberattackers are using spear phishing as the main technique to infiltrate company servers.
A carefully crafted email, which appears to be from banks in the Middle East, lands in a target's inbox. If a victim opens the email, they may be lured to click on a malicious link, or in other cases, the email will come with a malicious .7z archive file attachment.
In the majority of cases, CEOs, COOs, managers, supervisors, and engineers receive the email lures.
When malicious attachments are in play, Kaspersky says that the fraudulent emails claim to be "payment instructions." Instead, malware, based on the Hawkeye commercial spyware, executes in order to spy on the user and collect data including passwords, keystrokes, and screenshots.
Kaspersky says the malware also targets clipboard data, FileZilla FTP credentials, browser account data, messaging clients, and email services, as well as license information for some applications.
This information is then sent to the attackers in order to compromise other accounts and steal valuable financial data. In addition, the malware uses "anti-debugging and timeout techniques" to remain on a compromised system.
Click on the source for further reading