Fake Emails – Real Attachments: Hive0145 Takes Phishing to the Next Level

The Strela Stealer easily turns hacked chats into digital weapons.

The Hive0145 cybercriminal group has launched a series of attacks across Europe, using the advanced Strela Stealer malware to steal sensitive data from emails.

According to IBM X-Force researchers, this wave of attacks primarily targets Spain, Germany and Ukraine. Attackers send phishing emails with real invoices attached to trick recipients and increase the success rate of the infection.

Hive0145 has been in operation since late 2022, focusing on data theft with the Strela Stealer, which extracts information from Microsoft Outlook and Mozilla Thunderbird. Since mid-2023, the number of attacks and their complexity have increased significantly.

Meanwhile, since July 2024, Hive0145 has changed tactics: instead of simple phishing messages, hackers have started using real emails with compromised attachments. This method increases the credibility of the email, since the original content does not change. Previously, similar approaches were used by groups like Emotet.

To bypass security systems, cybercriminals have started using rare file types such as ".com" and ".pif", as well as sophisticated scripts. IBM X-Force experts noted that Hive0145 can partially automate its processes, which allows the group to increase the frequency of attacks.

The main target of the Strela Stealer remains email data. The program is configured to work on devices with certain keyboard language layouts, which makes it effective in attacks on users from Spain, Germany, and Ukraine.

Analysts warn that such attacks will continue. Companies in Europe, especially in sectors whose emails are often used in phishing schemes, need to strengthen their security measures and raise employee awareness of such threats.

Source
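
A defender-side check for the rare file types named in the post, as an added example that is not part of the original post or of IBM X-Force's tooling: it walks a message's attachments and flags names ending in ".com" or ".pif", and goes slightly beyond the text by also reporting when that extension sits behind a document-looking one. The sample message, its addresses and file names are constructed, and the function names are hypothetical.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions named in the post; extend this set from your own gateway policy.
RARE_EXECUTABLE_EXTS = {".com", ".pif"}

def normalize_name(name):
    # Drop any path component, then trailing dots/spaces, which Windows
    # ignores when opening a file, so "a.pif. " is still treated as .pif.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    return base.rstrip(". ").casefold()

def flag_attachments(raw_bytes):
    """Return [(filename, reason)] for attachments with a rare executable extension."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()  # also decodes RFC 2231 encoded names
        if not name:
            continue
        suffixes = PurePosixPath(normalize_name(name)).suffixes
        if not suffixes or suffixes[-1] not in RARE_EXECUTABLE_EXTS:
            continue
        reason = "rare executable extension " + suffixes[-1]
        if len(suffixes) > 1:
            reason += " hidden behind " + suffixes[-2]
        findings.append((name, reason))
    return findings

def build_sample():
    # Constructed message: one ordinary PDF and two attachments to be flagged.
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "accounts@example.org"
    msg["Subject"] = "Invoice 1187"
    msg.set_content("Please find the invoice attached.")
    for data, fname in [(b"%PDF-1.7 constructed", "Rechnung_1187.pdf"),
                        (b"MZ constructed", "Rechnung_1187.pdf.PIF"),
                        (b"MZ constructed", "scan.com")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in flag_attachments(build_sample()):
        print(f"{name!r}: {reason}")
```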