Production companies are the targets of a large-scale phishing campaign whose goal is to install remote administration software on victim systems.
Analysts from Kaspersky Lab said that emails purporting to be business offers were enabling attackers to gain remote control of the systems for illegal financial gain.
“According to the data available, the attackers’ main goal is to steal money from victim organizations’ accounts,” the researchers concluded. “When attackers connect to a victim’s computer, they search for and analyze purchase documents, as well as the financial and accounting software used. After that, the attackers look for various ways in which they can commit financial fraud, such as spoofing the bank details used to make payments.”
Analysts have observed many of these emails since November 2017, and they are still being sent to victims, with a focus on 400 modern industrial organizations in Russia. The phishing emails are very well composed, with some purporting to be from large companies and corporations. Attackers have paid careful attention to the detail of each email, precisely mirroring the targeted companies' activities and the work performed by the representatives to whom each email is sent. This suggests an unusually high degree of reconnaissance work.
“It is worth noting that the attackers addressed an employee of the company under attack by his or her full name,” researchers said. “This indicates that the attack was carefully prepared and an individual email that included details relevant to the specific organization was created for each victim.”