A cyberespionage group is infecting firms with malware and then blackmailing them into giving it an IT contract, according to a researcher at Kaspersky Lab.
The gang known as “Poseidon” infects its victims using spearphishing emails that deliver “state-of-the-art custom malware” to ensure easy and silent entry and efficient data acquisition, in line with its patrons' requirements, researcher Oleg Gorobets said in a post.
Once the gang has harvested valuable information from its victim, it uses a front-end security company to blackmail its targets into contracting with the gang to remove the infection, he said.
Afterwards, the gang would either retain an illegitimate presence within the “secured” system or quietly remain in the firm's network after supposedly removing the malware.
Poseidon's malware is focused on Windows-based systems and is capable of embedding itself in a firm's system for years without being detected, the researcher said.