New White Snake virus attacks companies under the guise of Roskomnadzor

Losses from attacks can range from several million to hundreds of millions of rubles.

In July, hackers began sending letters to companies with a virus capable of stealing passwords and other data, experts from BI.ZONE told Kommersant. The virus is called White Snake and appeared this year, BI.ZONE specified. It can retrieve passwords that are stored on the computer, copy files, record keystrokes, microphone sound, webcam video, and give other types of access to the device.

One way White Snake is distributed is through emails that masquerade as Roskomnadzor notifications and are sent to commercial addresses, including addresses taken from data breaches.

The first attachment to the letter contains a message from the department, which states that “during selective monitoring of activity”, it was found that employees visited prohibited Internet resources and sites that publish materials of foreign agents. Roskomnadzor allegedly asks the recipient to check the materials attached to the letter and provide an explanation within two working days, threatening administrative and criminal measures. The second file contains a link to the virus.

BI.ZONE notes that it was unusual for such an attack to use a "commercial virus", that is, one sold on dark forums rather than created by the hackers for their own purposes. A subscription to it can be bought for $140 per month, and unlimited access for $1.9 thousand. The low price and ease of use lead to “an inevitable increase in the number of targeted attacks,” emphasizes Oleg Skulkin, head of the BI.ZONE cyber intelligence department.

Experts from various companies confirm the danger of such attacks: hackers try to persuade the user to open the archive under various pretexts, from threats of multi-million dollar fines to a “checked by antivirus” mark at the end of the letter. Roskomnadzor stated on its Telegram channel that the agency “does not send out mass mailing of letters to citizens, organizations or authorities.” The service declined to comment further.

White Snake can collect data on the infected computer from popular browsers such as Chrome and Firefox (passwords, downloads), from well-known programs such as Outlook, Discord, Telegram, etc., and from crypto wallets. “If one employee is infected with White Snake, attackers can gain access to the devices of others through the collected credentials,” says one of the experts.

Attacks have the greatest impact on companies in the financial sector, including owners of digital wallets, and scientific and technical organizations, whose developments and intellectual property are of particular value.

Depending on the type of company and the goals of the criminals, in each case, losses can range from "several million to hundreds of millions of rubles," says another expert. “Often, such viruses steal account data, and since 70% of companies do not have two-factor authentication, hackers are more likely to get a point of presence in the company,” he says. Further, the expert suggests, the information can be sold on the dark web or used for long-term espionage.
 