Carding 4 Carders
From Russia to the United States: New malicious scripts attack SMBs, government agencies, and agricultural organizations.
Kaspersky Lab detected more than 10 thousand financially motivated attacks on organizations from different regions, including Russia, as part of a campaign using several types of malware. Researchers have found that attackers use not only backdoors, keyloggers, and miners, but also new malicious scripts that disable security features and make it easier to download malware.
The attacks take place from May to October of this year. According to Kaspersky Lab's telemetry data, more than 200 users were infected during the campaign. Targeted organizations include government agencies, agricultural and commercial enterprises from Russia, Saudi Arabia, Vietnam, Brazil and Romania. Incidents were also detected in the United States, India, Morocco and Greece.
Attackers exploit vulnerabilities on servers and workstations to break into the system. The attackers then launch new malicious scripts that attempt to bypass Microsoft Defender, escalate privileges, and disable antivirus components. If they succeed, they download the backdoor, keylogger, and miner from a web resource that is no longer available. The miner uses the system's resources to mine various cryptocurrencies, such as Monero (XMR). In turn, the keylogger records which keys the user presses on the keyboard and mouse, and the backdoor communicates with the command and control server (C2) to receive and transmit data. This allows attackers to gain remote control over a compromised system.
Kaspersky Lab experts note that this campaign using various malicious software is rapidly evolving and new versions of attack tools are emerging. Apparently, the attackers seek to extract financial benefits in any possible way. In addition to mining cryptocurrencies, they can steal user credentials and sell them on the darknet, or implement more complex scenarios using the capabilities of backdoors.
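A detection-side illustration, added here and not part of the forum post or of Kaspersky's report: it scans constructed, normalised Windows event records for Defender protection being switched off (Defender operational event IDs 5001, 5010 and 5012) followed shortly afterwards by a process start on the same host, the pattern the article describes. The pipe-separated record format, the use of event ID 4688 for process starts, and the sample log are assumptions.

```python
"""Flag Defender-off events followed by a process launch on the same host."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Microsoft-Windows-Windows Defender/Operational IDs meaning protection went off.
DEFENDER_TAMPER_IDS = {
    5001: "real-time protection disabled",
    5010: "antispyware scanning disabled",
    5012: "antivirus scanning disabled",
}
PROCESS_START_ID = 4688  # assumed: Security-log process creation, merged into one feed


@dataclass
class Event:
    ts: datetime
    host: str
    event_id: int
    detail: str


def parse_line(line: str) -> Event:
    """Parse one constructed record of the form 'ISO-time|host|event_id|detail'."""
    ts, host, eid, detail = line.split("|", 3)
    return Event(datetime.fromisoformat(ts), host, int(eid), detail)


def find_tamper_sequences(lines, window=timedelta(minutes=10)):
    """Return (host, reason, image) for every Defender-off event that is followed
    within `window` by a process start on the same host."""
    events = sorted((parse_line(ln) for ln in lines), key=lambda ev: ev.ts)
    hits = []
    for i, ev in enumerate(events):
        if ev.event_id not in DEFENDER_TAMPER_IDS:
            continue
        for later in events[i + 1:]:
            if later.ts - ev.ts > window:
                break  # events are time-sorted, nothing later can be in the window
            if later.host == ev.host and later.event_id == PROCESS_START_ID:
                hits.append((ev.host, DEFENDER_TAMPER_IDS[ev.event_id], later.detail))
    return hits


# Constructed sample records, not real telemetry.
SAMPLE_LOG = [
    "2023-09-14T10:02:11|srv-01|5007|Defender configuration changed",
    "2023-09-14T10:02:15|srv-01|5001|Real-time protection disabled",
    "2023-09-14T10:03:40|srv-01|4688|C:\\Users\\Public\\update.exe",
    "2023-09-14T10:05:02|ws-07|5001|Real-time protection disabled",
    "2023-09-14T11:30:00|ws-07|4688|C:\\Windows\\System32\\notepad.exe",  # outside window
]

if __name__ == "__main__":
    for hit in find_tamper_sequences(SAMPLE_LOG):
        print("ALERT", *hit)
```

Only srv-01 is reported: ws-07's process start comes more than ten minutes after protection was disabled, so it falls outside the correlation window.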