Operation In (ter) ception: attacks on European companies

ESET researchers detected προς εταιρείες του αεροδιαστημικού και του αμυντικού τομέα, με πιθανή την εκδοχή η επιχείρηση αυτή να έχει σχέση με τη γνωστή cyber criminals Lazarus.

ESET researchers identify targeted cyber-attacks LinkedIn, which in addition to espionage also aimed at financial gain.

These cyber-attacks are distinguished by the use of techniques spearphishing and their ability to use impressive methods in order not to be perceived. ESET researchers named the company In (ter) ception based on a sample of related malicious software called ".dll, ”.

The attacks studied by the ESET team of scientists began with a simple message on LinkedIn. "The message was about a very plausible job offer and apparently came from a well-known company in a relevant field. Of course, the LinkedIn profile was fake and the files sent were malicious, "said Dominik Breitenbacher, a malicious ESET researcher who analyzed the malware and led the investigation.

The malicious files were sent via LinkedIn messages or emails containing a link to OneDrive. For the second case, the attackers created email accounts that corresponded to fake LinkedIn accounts.

Once the recipient opened the file, a seemingly innocuous PDF document appeared with payroll information related to the fake job offer. In the meantime, it was already silently installed on the victim's computer. In this way, the attackers were able to gain initial access and permanent presence on the recipient's system.

The intruders then performed a series of steps described by ESET researchers in Whitepaper with Title "Operation In (ter) ception: Targeted attacks on European aerospace and defense companies”. Some of the tools used by cybercriminals were custom multi-level malware that often appeared as legitimate software, as well as modified versions of open source tools. In addition, cybercriminals used "living-off-the-land" techniques, that is, the use of pre-installed Windows utilities to perform malicious functions.

"The attacks which we investigated bore all the evidence of an attack aimed at espionage, with several indications suggesting a possible connection to the famous cybercrime group Lazarus. However, neither the malware analysis nor the research allowed us to get an idea of ​​the files that the intruders were targeting, ”comments Breitenbacher.

In addition to espionage, ESET investigators found evidence that the intruders tried to use the breached accounts to extract money from other companies.

In the victim's e-mail, the intruders located emails that the victim had exchanged with his client about an invoice that was pending. The cybercriminals monitored the discussion and urged the customer to pay the bill - of course, the money would end up in the cybercriminals' bank account. Fortunately, the victim's client suspected that something was wrong and contacted the victim, thus preventing the cyber attack.

"The specific cyber attack for monetary gain through access to the victim network should serve as another incentive for all of us to implement strong intruder protection systems and for companies to educate their employees on cybersecurity issues. Such training could help employees identify lesser-known social engineering techniques, such as those used in Operation In (ter) ception, ”concludes Breitenbacher.

The malicious operation took place from September to December 2019.

For more technical details about Operation In (ter) ception, visit blogpost or download the White Paper from WeLiveSecurity.com.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by newsbot

Although the press releases will be from very select to rarely, I said to go ... because sometimes the authors are hiding.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).