Roskomnadzor to check foreign gadgets

Post by tanjimajuha20 »

Analysts at Solar AURA (owned by RTK-Solar) found that the fraudsters used domains that were as similar as possible to the official domain names of investigative bodies. The attackers sent out letters demanding that the recipients familiarize themselves with the materials of the criminal case, using real data of citizens obtained as a result of leaks.

Previously, cybercriminals attacked and infected mobile devices of employees of large corporations with spyware.

Read also

The Main Radio Frequency Center (GRChTs) purchased 54 mobile devices from foreign vendors for 2.3 million rubles to test them for hidden threats. The agency will conduct a study of protocols for protecting the Russian Internet from cyberattacks and identify gaps in the operation of technical means for blocking prohibited information on the territory of the Russian Federation.

In the mailing, the scammers addressed the victims by their first name and patronymic, and in some cases indicated their passport details and registration addresses. The criminal case numbers in the text are real and were obtained from open sources. All this creates the illusion of interaction with a government agency and increases the chances that the recipient of the letter will launch a malicious program.

Analysts found that the attackers took advantage of one of the leaks in 2022: then the total number of published records reached 30 million, including more than 6 million unique emails, of which 78 thousand belong to corporate domains.

Experts say that the phishing mailing scheme is widespread, but has undergone some changes. Previously, fraudsters attached malicious ZIP files directly to letters, but due to tightened security measures, such messages should now be automatically filtered as spam. Therefore, instead of the usual attachments, attackers insert a link to a file-sharing service, through which, presumably, the victim downloads malicious content. In this attack, it is disguised as a text recognition program.

However, Andrey Kovtun, head of the Kaspersky Lab email threat protection group, said that a link to download a file instead of an attachment is not new: "The link has been used to distribute malware in email for many years. Therefore, email filters are usually able to block such messages. Recently, we have repeatedly observed attacks on corporate users with attempts to mimic government agencies. In them, the malicious file also had to be downloaded from a link in the email. However, this mailing uses different malware."

Diana Selekhina, an expert at the Solar AURA external digital threat monitoring center, suggested what motives the attackers might have had: "In this case, using malware for remote access allows attackers to act on behalf of the victim, on their behalf. That is, all transactions will look legitimate. For example, if fraudsters log into a bank client's personal account from the victim's computer, this will not arouse suspicion in the anti-fraud system. Moreover, such an operation will then be very difficult to challenge, since from the bank's point of view, this will be a regular operation by the client, and proving that malware was used is extremely difficult, especially since after the theft, attackers usually delete the malware from the victim's computer, thereby covering their tracks."