HACKERS TARGETING BUSINESSES FOR MONEY
Groups of hackers targeting businesses for financially motivated cyber Attacks
Security researchers have tracked down activities of a new group of financially-motivated hackers that are targeting several businesses and organizations in Germany, Italy, and the United States in an attempt to infect them with backdoor, banking Trojan, or ransomware malware.
According to a report ProofPoint shared with The Hacker News, the newly discovered threat actors are sending out low-volume emails impersonating finance-related government entities with tax assessment and refund lured emails to targeted organizations.
In almost all spear-phishing email campaigns researchers observed between October 16 and November 12 this year, the attackers used malicious Word document attachments as an initial vector to compromise the device.
Once opened, the malicious document executes a macro script to run malicious PowerShell commands, which then eventually downloads and installs one of the following payloads onto the victim's system:
Maze Ransomware,
IcedID Banking Trojan,
Cobalt Strike backdoor.
"Although these campaigns are small in volume, currently, they are significant for their abuse of trusted brands, including government agencies, and for their relatively rapid expansion across multiple geographies. To date, the group appears to have targeted organizations in Germany, Italy, and, most recently, the United States, delivering geo-targeted payloads with lures in local languages," Christopher Dawson, Threat Intelligence Lead at Proofpoint, told The Hacker News.
The best way to protect your computer against such attacks are as follow:
1. Disable macros from running in office files,
2. Always keep a regular backup of your important data,
3. Don't open an email attachment from untrusted sources,
4. Don't click on the links from unknown sources.
5. Make sure you run one of the best antivirus software on your system.
Security researchers have tracked down activities of a new group of financially-motivated hackers that are targeting several businesses and organizations in Germany, Italy, and the United States in an attempt to infect them with backdoor, banking Trojan, or ransomware malware.
According to a report ProofPoint shared with The Hacker News, the newly discovered threat actors are sending out low-volume emails impersonating finance-related government entities with tax assessment and refund lured emails to targeted organizations.
In almost all spear-phishing email campaigns researchers observed between October 16 and November 12 this year, the attackers used malicious Word document attachments as an initial vector to compromise the device.
Once opened, the malicious document executes a macro script to run malicious PowerShell commands, which then eventually downloads and installs one of the following payloads onto the victim's system:
Maze Ransomware,
IcedID Banking Trojan,
Cobalt Strike backdoor.
"Although these campaigns are small in volume, currently, they are significant for their abuse of trusted brands, including government agencies, and for their relatively rapid expansion across multiple geographies. To date, the group appears to have targeted organizations in Germany, Italy, and, most recently, the United States, delivering geo-targeted payloads with lures in local languages," Christopher Dawson, Threat Intelligence Lead at Proofpoint, told The Hacker News.
The best way to protect your computer against such attacks are as follow:
1. Disable macros from running in office files,
2. Always keep a regular backup of your important data,
3. Don't open an email attachment from untrusted sources,
4. Don't click on the links from unknown sources.
5. Make sure you run one of the best antivirus software on your system.
Comments
Post a Comment