Russian security provider Kaspersky warns of a wave of targeted attacks on industrial companies, including in European countries. The hackers rely on the malware Mimikatz.
In the past few months, unknown hackers have apparently targeted industrial companies and their suppliers under fire. According to an analysis, security researchers at Kaspersky affect companies in Germany, Great Britain and Asia. The hackers use tailor made emails for their attacks.
The Attacks Observed By Kaspersky Started In Early 2020
The hackers smuggled their malware into the affected companies with the help of phishing emails. Word documents with malicious macros were attached to the messages. However, the malware only became active if the language of the email matched that of the operating system. As mentioned above, the malware is said to be the Mimikatz tool. The software was originally developed to detect vulnerabilities in Microsoft authentication protocols. The program, which has become very popular among hackers, is therefore able to display data such as tickets. With this and similar information, hackers can then compromise corporate networks and gain access to accounts with admin rights.
Among other things, the attention of the Kaspersky security researchers caught the hackers actions because the hackers make it difficult to discover the malware module using steganography methods. This makes it almost impossible to discover the download using solutions to monitor and control network traffic, as Kaspersky experts explain. In addition, it is not clear who or what is behind the attacks. It is worrying that the focus is primarily on suppliers in the industrial sector. This makes it possible to attack corporations with remote management tools used by the contractors. Kaspersky therefore recommends that employees be trained in how to use e-mails and that macros be restricted.