- I opened up a cheap 600W charger to test its build, and found 'goo' inside
- How to negotiate like a pro: 4 secrets to success
- One of the cheapest Android tablets I've ever tested replaced my iPad with no sweat
- I use this cheap Android tablet more than my iPad Pro - and don't regret it
- The LG soundbar made my home audio sound like a theater - even though it's not the newest model
Cyber-Criminals Exploit Invasion of Ukraine
Cyber-criminals are exploiting Russia’s ongoing invasion of Ukraine to commit digital fraud.
In a blog post published Friday, researchers at Bitdefender Labs said they had witnessed “waves of fraudulent and malicious emails,” some of which were engineered to exploit the charitable intentions of global citizens towards the people of Ukraine.
Since March 1, researchers have been tracking two specific phishing campaigns designed to infect victims with Agent Tesla and Remcos removed access Trojans.
Agent Tesla is a malware-as-a-service (MaaS) RAT and data stealer that can be used to exfiltrate sensitive information, including credentials, keystrokes and clipboard data from victims.
Remcos RAT is typically deployed via malicious documents or archives to give the attacker full control over their victims’ systems. Once inside, attackers can capture keystrokes, screenshots, credentials and other sensitive system data and exfiltrate it.
The first campaign detected by threat researchers was observed targeting organizations in the manufacturing industry via a .zip attachment named ‘REQ Supplier Survey.’ Recipients of the email are asked to complete a survey about their suppliers and backup plans in response to the assault on Ukraine.
“According to our threat researchers, the malicious payload is downloaded and deployed from a Discord link directly on the victim’s machine,” said Bitdefender Labs.
“Interestingly though, interacting with the malicious file will also download a clean version of Chrome on the users’ device – most likely an attempt at diverting users.”
Most of these attacks (86%) appeared to originate from IP addresses in the Netherlands. Targets for the malicious emails were spread all over the world, including South Korea (23%), Germany (10%), the UK (10%), the US (8%), the Czech Republic (14%), Ireland (5%), Hungary (3%), Sweden (3%) and Australia (2%).
The second campaign observed by researchers involved attackers impersonating a South Korean-based healthcare company to deliver the Remcos RAT via an Excel attachment (SUCT220002.xlsx).
Recipients are asked whether they want to put their orders on hold because shipments have been affected by the largest land invasion Europe has suffered since World War II.
Most of these attacks (89%) seemed to stem from IP addresses in Germany, with most intended victims located in Ireland (32%), India (17%), the US (7%) and the UK (4%).
