Kaspersky Lab has discovered a new wave of targeted attacks against the industrial and engineering sectors in multiple countries around the world. Romania is among them, but with fewer victims (under 3), all from the industrial sector.
Using spear-phishing emails and malware based on a commercial spyware kit, the criminals hunt for valuable business-related data stored in their victims’ networks. In total, over 130 organizations from 30 countries, including Spain, Pakistan, United Arab Emirates, India, Egypt, United Kingdom, Germany, Saudi Arabia and other countries, were successfully attacked by this group.
In June 2016, Kaspersky Lab researchers spotted a wave of spear-phishing e-mails with malicious attachments. These messages were mostly sent to the top and middle level managers of numerous companies. The e-mails sent by the attackers appeared to be coming from a bank in the United Arab Emirates (UAE): they looked like payment advice from the bank with an attached SWIFT document, but the attached archive contained malware.
Further investigation conducted by Kaspersky Lab researchers showed that the spear-phishing campaign was most likely organized by a cybercriminal group that company researchers have been tracking since March 2015. The June attacks appear to be the most recent operation conducted by this group. The malware in the attachment is based on the HawkEye commercial spyware, which is sold openly on the Darkweb and provides a variety of tools for the attackers.
Based on information received from the sinkhole of some command and control servers, the majority of the victims are organizations working in the industrial and engineering sectors; others include shipping, pharmaceutical, manufacturing and trading companies, educational organizations and other types of entities.
These companies all hold valuable information that could be subsequently sold on the black market – financial profit is the main motivation of the attackers behind Operation Ghoul. Dubbed Operation Ghoul by Kaspersky Lab researchers, it is only one among several other campaigns that are supposedly controlled by the same group. The group is still active.