More than 130 Industrial Enterprises were affected by the Targeted Operation Ghoul Attacks

https://xakep.ru/2016/08/19/operation-ghoul/

08/19/2016

Experts from Kaspersky Lab have warned that industrial and design organizations in the Middle East have suffered from targeted attacks that began in March 2015. In June 2016, researchers recorded a new wave of attacks, which was given the name Operation Ghoul.
The hackers generally use targeted phishing to penetrate the companies' servers. Well-thought-out and well-composed letters, supposedly written by bank employees, were sent to the mailboxes of future victims. The main victims of the attacks were CEOs, COOs, senior managers and engineers. As one might guess, the hackers sent emails containing malicious attachments, allegedly with payment instructions (for example, 7z files), or links to phishing sites.
Most often, the attackers infect victims with the HawkEye spyware, which is able to steal credentials from instant messengers, email clients and browsers, intercept data from the clipboard, monitor keystrokes, and so on. All of the collected data is sent to the attackers' command server using HTTP GET or email. The stolen information is then used to compromise the company's other accounts and to steal its financial information.
"Money is obviously the main motivator for the attackers," the researchers note, "and it does not really matter whether the money was obtained via the victim's bank account or via the sale of the company's intellectual property to interested third parties."
The experts' report mentions only one C&C server (192.169.82.86), which was used both for collecting the stolen data and for hosting the phishing pages.
The list of organizations affected by Operation Ghoul is wide and varied: the attackers are robbing the military, heavy equipment manufacturers, petrochemical companies, freight forwarders, manufacturers of textiles and accessories, travel agencies, universities and a vast variety of IT companies. Experts note that altogether more than 130 companies in 30 countries were victimized by these attacks.
Most of the companies that suffered are from the AEO: about 70% of all of the attacks' victims are located there. Companies from Russia, Malaysia, India, Jordan, Turkey, Germany, Egypt, Japan and other countries were also attacked, though less massively.
The hackers are equally effective against all of the popular platforms (Windows, macOS, Ubuntu, iOS and Android), as all are equal when it comes to phishing attacks. The researchers note that, in addition to HawkEye, they have also seen other malicious programs such as Trojan.MSIL.ShopBot.ww, Trojan.Win32.Fsysna.dfah and Trojan.Win32.Generic.
The experts warn once again: do not open email attachments received from unknown sources. For businesses, the experts advise holding regular training sessions for staff, as privileged users must know what the current cyber threats are and how to counter them effectively.
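
Added example, not part of the original article or the Kaspersky Lab report: a small proxy-log triage script for the behaviour described above, where the single server at 192.169.82.86 both received stolen data over HTTP GET and hosted the phishing pages. The log format, URL paths, parameter names and client addresses are constructed for illustration, and the query-length threshold is an assumption.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# C&C address named in the article above.
C2_HOSTS = {"192.169.82.86"}

# Constructed sample proxy log; assumed format: time client method url status.
# Paths and parameters are invented placeholders, not real indicators.
SAMPLE_LOG = """\
2016-06-08T09:14:02Z 10.0.4.17 GET http://192.169.82.86/login/index.html 200
2016-06-08T09:20:45Z 10.0.4.17 GET http://192.169.82.86/upload.php?host=PC-FIN-03&data=dXNlcj1hLnNtaXRoO3B3PWV4YW1wbGU%3D 200
2016-06-08T09:21:10Z 10.0.7.52 GET http://intranet.example/payments?id=42 200
2016-06-08T09:50:45Z 10.0.4.17 GET http://192.169.82.86/upload.php?host=PC-FIN-03&data=Y2xpcGJvYXJkPWV4YW1wbGU%3D 200
2016-06-08T10:02:31Z 10.0.9.8 POST http://192.169.82.86/login/check.php 302
malformed line
"""


def classify_c2_traffic(log_text, c2_hosts=C2_HOSTS, min_query_len=32):
    """Group requests to the C&C host by internal client.

    exfil_get  : GET with a long query string, consistent with stolen data
                 being pushed out in URL parameters.
    c2_contact : any other request to the host, for example a visit to a
                 phishing page or a form submission on one.
    """
    findings = defaultdict(lambda: {"exfil_get": 0, "c2_contact": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed or truncated lines
        _time, client, method, url, _status = parts
        target = urlsplit(url)
        if target.hostname not in c2_hosts:
            continue
        if method == "GET" and len(target.query) >= min_query_len:
            findings[client]["exfil_get"] += 1
        else:
            findings[client]["c2_contact"] += 1
    return {client: dict(counts) for client, counts in findings.items()}


if __name__ == "__main__":
    for client, counts in sorted(classify_c2_traffic(SAMPLE_LOG).items()):
        # Hosts with exfil_get > 0 are likely infected; c2_contact alone
        # suggests a user who opened a phishing link.
        print(client, counts)
```

A client with `exfil_get` hits should be treated as infected and its stored credentials rotated; a client with only `c2_contact` hits points to a user who followed a phishing link and may have entered credentials there.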
 