Spear phishing campaign affects over 400 companies

Attacks using this phishing variant are becoming increasingly frequent

Enterprise network security researchers have detected a new wave of spear phishing attacks disguised as legitimate acquisition and accounting letters, which have affected more than 400 industrial organizations.

The emails were directed at approximately 800 employees’ computers, mainly in Russian companies, with the goal of stealing money and confidential data from the organizations. The stolen data could then be used in further attacks.

As mentioned by enterprise network security experts from the International Institute of Cyber Security, the phishing messages were disguised as legitimate letters of acquisition and accounting. Their content matched the profile of the attacked organization and took into account the identity of the employee to whom each letter was addressed.

The attackers addressed specific victims by name, suggesting that the campaign was carefully prepared and that the hackers took the time to prepare an individual letter for each user.

If recipients clicked on the malicious attached files, modified software was silently installed on the computer so that the hackers could log in and examine documents and software related to the organization’s financial and accounting activity. In addition, the attackers looked for different ways to commit financial fraud, such as changing details on payment bills to withdraw money for their own benefit.

During the attack they also loaded additional software to extend their capabilities. This included spyware, additional remote management tools that extend the attackers’ control over infected systems, malware to exploit vulnerabilities in the operating system, and the Mimikatz tool, which allows hackers to get data from compromised Windows accounts.

Enterprise network security experts report that the hackers showed a particular interest in attacking Russian industries. This is probably because the level of enterprise network security awareness in industry is not as high as in other sectors, such as financial markets. This makes industrial companies a lucrative target for hackers, not only in Russia, but anywhere in the world where companies do not have the necessary protections against these attacks.