Low-skilled hackers turn to ready-made tools for digital espionage

Kaspersky Lab researchers have discovered a new trend among digital espionage threats: instead of developing custom hacking tools or buying them from third parties in the "underworld" of digital crime, attackers are using tools that are available on the Internet for research purposes.

 

Experts have recently identified several digital espionage campaigns that use these tools.

 

This trend shows that dangerous digital attack tools are not only getting cheaper, but also becoming more effective and more accessible. This means that even less professional, less skilled and less resourceful hacker groups can now pose a threat to users and businesses. In addition, the use of legitimate tools makes such attacks less visible to security solutions.

 

The Browser Exploitation Framework (BeEF) is one such tool. Originally developed by the security community to make browser security better and easier, it is now being used by several digital espionage teams for attacks around the world.

 

To exploit vulnerabilities in target browsers, hackers compromise websites that the targeted users are interested in, "plant" BeEF in them and then simply wait for victims to visit. BeEF's content makes it possible to identify both the system and the user, and to exploit the browser and steal authentication credentials, which in turn allows additional malware to be downloaded to the compromised device, and more. This infection tactic is called a "watering hole" attack and is often used by digital espionage actors.

 

During their investigation, Kaspersky Lab's experts were able to locate dozens of websites used for "watering hole" attacks. The nature and themes of these websites reveal a lot about the types of possible targets:

  • Embassy of the Middle East in the Russian Federation
  • Indian School of Military Technology
  • Regional Office of the President
  • Ukrainian ICS Scanner mirror
  • Her organization of the Union to support diversity in education
  • Russian agency for foreign trade management
  • Progressive news and politics in Kazakhstan
  • Turkish news agency
  • Specialized German Music School
  • Japanese Textile Production Control Body
  • Middle East Social Responsibility and Charity Organization
  • Popular British "lifestyle" blog
  • Web Platform of Algerian University curriculum
  • Chinese construction group
  • Russian holding company with international activities
  • Russian gaming developer forum
  • Romanian game developer site for the Steam platform
  • Chinese virtual gaming vendor
  • Brazilian house selling musical instruments

 

"In the past we have seen groups (hackers) use different, open source, legal pentesting tools, either in combination with their own malware or without it. But what is different now is that we are seeing more and more teams using BeEF, considering it an attractive and effective alternative. This should be taken into account by corporate security departments in order to protect organizations from this new threat," said Kurt Baumgartner, Principal Security Researcher at Kaspersky Lab.

 

More information about the malicious use of BeEF and other legitimate tools by hackers, such as Newsbeef/Newscaster, Crouching Yeti, and TeamSpy APT, and about how to protect against such attacks, is available on the Securelist.com website.


Written by Dimitris
