Russian hackers attack 250 companies all over the world

Source: 112 Ukraine

They used 22 fake domains that imitated the websites of financial organizations
17:03, 1 August 2017


The hacker group Cobalt, which is from Russia, expanded its sphere of activity in 2017. The Russian news agency RBK reported this, citing Positive Technologies, a company that specializes in information security.

According to the report, in 2017 Cobalt sent phishing emails containing infected files to more than 3,000 users at 250 companies in 12 countries. Companies in North America, Western Europe and South America were added to the list of targets alongside the usual countries of the CIS, Eastern Europe and Southeast Asia. Exchanges, insurance companies, investment funds and other organizations came into the group's sphere of interest, whereas earlier it was interested only in banks.

‘The attacks on non-financial organizations were made to prepare the platform for further attacks on banks. For example, the hackers can send out phishing scam letters on behalf of the regulator or a bank’s partner for whom the service is provided’, said Oleksy Novikov, Deputy Head of the Competence Center for Expert Services at Positive Technologies.

The group also sends mass phishing emails from fake domains, imitating messages from Visa, MasterCard, the Central Bank of Russia's center for cyber attacks in the financial sphere, and the National Bank of the Republic of Kazakhstan, Positive Technologies said. For this purpose Cobalt used 22 fake domains that imitated the websites of financial organizations and their counterparties.

A typical Cobalt attack consists of a few stages. First, the group registers fake domains that pretend to belong to big companies. Then phishing emails containing infected files are sent to banks and their counterparties. When the user opens the attachment, a program launches that prevents the anti-virus from reacting. Then a Trojan is downloaded to the computer, providing remote access to the work computer. The hackers can then develop the attack inside the organization or send it on to another organization.
