Russian space, telecom industries targeted by espionage

A number of Russian industries are facing the wrath of sophisticated malware designed to siphon sensitive data, according to security firm FireEye.

Researchers Alex Lanstein and Ali Islam said in a Monday blog post that employees working at organizations representing the Russian space, information, education and telecommunications industries have been hit by socially engineered emails containing exploits.

The attacks, which are believed to have originated in Korea, used as their lure a legitimate Microsoft Word document, which launches once the exploit is "successful," the researchers said.

"One thing that is true in nearly all targeted attacks is that there is an aspect baked in which the cyber criminal gives the victim a decoy document," Lanstein and Islam wrote. "As a result, the victim is dissuaded from calling the computer help desk, thinking he/she got [a] legitimate document. This attack is no different."

What makes the campaign unique is that the purveyors don't seem interested in hiding their stolen data, which includes credentials, as well as information about where victims are located. The fraudsters set up their command-and-control center to run on a public Korean message board, the researchers said.
