XDSpy hacker group attacked Russian organizations on behalf of the Ministry of Emergency Situations – Kommersant
[ad_1]
The Cybersecurity Center of the Russian developer of technologies for combating cybercrime FACCT on July 11 recorded a phishing mailing of malicious emails on behalf of the Ministry of Emergency Situations. According to the center, the attack was carried out by the XDSpy hacker group, which again started working in Russia in March of this year.
In the text of the letter, recipients on behalf of the Ministry of Emergency Situations are asked to download a file – it contains a list of company employees who allegedly “may sympathize with groups that destabilize the internal situation in Russia.” The senders threaten that legal action will be taken against the employees if there is no response. Malicious software is downloaded under the guise of the Spisok_rabotnikov.pdf file with a list of random people. It collects data and documents from computers.
The XDSpy group used this method of hacker attack before: in mid-March, hackers attacked the structures of the Russian Foreign Ministry in this way, and in October 2022, Russian organizations with fake subpoenas on behalf of the Ministry of Defense.
The XDSpy grouping attacking organizations in Russia and Belarus was discovered by the Belarusian center CERT (Information Security Incident Response Center) in February 2020. However, experts believe that this group has been operating since at least 2011, and its members are located approximately in the same place as the victim organizations.
At the same time, international experts on cyber threats have not decided on the interests of which country the group is working for. According to FACCT, most of the victims of this group are located in Russia: hackers attack government, military, financial institutions, as well as energy, research and mining companies.
Read more about the return of the XDSpy grouping to Russia – in the material “Hackers knocked on the Foreign Ministry”.
[ad_2]
Source link