From mechanical engineering to medicine: who is in the crosshairs of hackers?
In July 2024, Kaspersky Lab specialists revealed that more than ten Russian enterprises from various industries, from mechanical engineering to medicine, fell victim to cyberattacks using the previously unknown Loki backdoor. The malware was developed based on the popular open-source framework Mythic.
The Mythic framework was originally developed as a tool for remote management in the process of simulating cyberattacks and assessing the level of security of IT infrastructures. However, attackers often use such frameworks for malicious purposes. Mythic allows you to create agents in a variety of programming languages for any platform, with features that can be customized to meet the needs of developers. Criminals have taken advantage of these opportunities and developed their own version of the agent called Loki, which makes it difficult to detect and attribute. In addition to the open-source framework, other publicly available utilities were also used in the attacks.
Experts believe that in most cases, Loki infiltrated systems through emails containing malicious attachments. After such files were opened by inattentive users, the backdoor began its activity. This is confirmed by telemetry data and file names, such as "estimate_27.05.2024.exe", "On_publication_approval_<enterprise>.rar", "DOCUMENT_LIST.ISO".
Loki is a serious threat because it is capable of executing a wide range of commands on the infected device. Attackers can upload and download any files, as well as run malware on the device. Often, attacks using such backdoors lead not only to the leakage of confidential data, but also to the complete deletion of all files stored in the system.
The company noted that attackers are increasingly using social engineering methods to penetrate company systems and gain access to critical information. To effectively protect against such threats, organizations are recommended to apply multi-layered security strategies, regularly update systems and software, monitor network activity, and train employees to recognize the signs of cyberattacks.
Source
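The report says the backdoor arrived as email attachments with executable, archive and ISO names dressed up as business documents. The following is an added illustration of the kind of attachment triage a mail gateway or SOC script would apply to such names; it is not Kaspersky's code and not part of the original post. The extension lists, the "block / detonate / allow" labels and the sample names (modelled on the patterns quoted above, with the `<enterprise>` placeholder kept as in the report) are assumptions made for the example.

```python
"""Attachment-name triage for an email gateway or SOC script.

Added example, not code from the report or from Kaspersky. It classifies
attachment file names into three assumed labels:
  block    - executables, disk images, document-lure double extensions
  detonate - archives and unknown types, to be opened in a sandbox first
  allow    - plain document types
Sample attachment names below are constructed after the patterns the
report quotes; they are not real indicators.
"""
import re
import unicodedata
from dataclasses import dataclass

# Extension families (assumed policy; extend to taste).
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs",
              "hta", "lnk", "msi", "dll"}
DISK_IMAGE = {"iso", "img", "vhd", "vhdx"}
ARCHIVE = {"rar", "zip", "7z", "arj", "cab"}
DOCUMENT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "rtf"}


@dataclass(frozen=True)
class Verdict:
    name: str
    label: str    # "block", "detonate" or "allow"
    reason: str


def normalize(name: str) -> str:
    """Undo common tricks that hide the real extension.

    - NFKC folding maps Unicode look-alike letters to plain ASCII where possible
    - stray spaces around dots are removed ("LIST. ISO" -> "LIST.ISO")
    - the right-to-left override character, which makes "fdp.exe" render as
      "exe.pdf", is dropped so the true extension is the last one
    """
    n = unicodedata.normalize("NFKC", name)
    n = re.sub(r"\s*\.\s*", ".", n)
    n = n.replace("\u202e", "")
    return n.strip().lower()


def extensions(name: str) -> list[str]:
    """All dot-separated suffixes of the normalized name, outermost last."""
    parts = normalize(name).split(".")
    return parts[1:] if len(parts) > 1 else []


def triage(name: str) -> Verdict:
    """Decide what to do with one attachment, judged by its (normalized) name."""
    exts = extensions(name)
    if not exts:
        return Verdict(name, "detonate", "no extension; type unknown")
    last = exts[-1]
    # "report.pdf.exe": a document-looking name with an executable tail.
    if len(exts) >= 2 and exts[-2] in DOCUMENT and last in EXECUTABLE:
        return Verdict(name, "block",
                       f"document-lure double extension (.{exts[-2]}.{last})")
    if last in EXECUTABLE:
        return Verdict(name, "block", f"executable attachment (.{last})")
    if last in DISK_IMAGE:
        return Verdict(name, "block", f"disk image attachment (.{last})")
    if last in ARCHIVE:
        return Verdict(name, "detonate", f"archive (.{last}); inspect contents")
    if last in DOCUMENT:
        return Verdict(name, "allow", f"document type (.{last})")
    return Verdict(name, "detonate", f"unrecognised type (.{last})")


def triage_all(names: list[str]) -> dict[str, str]:
    """Map each attachment name to its label; handy for a batch report."""
    return {n: triage(n).label for n in names}


# Constructed sample names modelled on the patterns quoted in the report.
SAMPLE_ATTACHMENTS = [
    "estimate_27.05.2024.exe",
    "On_publication_approval_<enterprise>.rar",
    "DOCUMENT_LIST. ISO",
    "report.pdf.exe",
    "quarterly.xlsx",
    "invoice\u202efdp.exe",   # renders as "invoiceexe.pdf" in a mail client
]

if __name__ == "__main__":
    for n in SAMPLE_ATTACHMENTS:
        v = triage(n)
        print(f"{v.label:9} {v.name!r}: {v.reason}")
```

Name-based triage is only the first layer: an archive or ISO still has to be opened in a sandbox and its contents run through the same check, and a block verdict should feed the mail log so the SOC can see which users received the lure.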