Kaspersky Lab found that a number of targeted malicious mailings took place in the summer of 2022. The emails, tailored to specific organizations, carried malicious attachments and were sent to Russian state bodies and large companies.
The texts of these mailings were written with the current news agenda or the activities of individual companies in mind. For example, the perpetrators presented themselves as employees of various ministries and sent emails to state organizations on their behalf. In another case, hackers posed as an accounting contractor and wrote about payroll problems for a major telecom operator.
Employees received these emails and opened the attachments, which appeared to supplement the message text. For example, the attachment could be a file with comments on some table, which actually contained malicious code and allowed hackers to gain access to the victim’s computer.
Kaspersky Lab notes the high plausibility of such mailings. The sender addresses followed the format that the various departments use for their email addresses, but the domains belonged to third-party, little-known services in the Russian Federation. The signatures in the emails were complete with all the usual details, business vocabulary was used, and even real employees who work (or used to work) in the organization were mentioned.
In addition, hackers are using new malware and techniques that make malicious campaigns harder to detect. The experts’ advice is to be as attentive as possible to incoming emails and to try to notice even minimal suspicious signs.
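The sender pattern described above (an address in the organization's own format, but on a third-party domain, with a signature naming the organization) can be checked mechanically at the mail gateway. The following is an added example, not from Kaspersky Lab or the original article; the domains, the address format and the organization name are constructed assumptions.

```python
"""Flag mail that imitates the organization's address format on a foreign domain."""
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions, constructed for this example: the organization's real mail
# domain, its "initial.surname" address format and the name it goes by.
TRUSTED_DOMAINS = {"ministry.example"}
ADDRESS_FORMAT = re.compile(r"^[a-z]\.[a-z]+$")
ORG_NAMES = ("ministry of examples",)


def assess(msg: EmailMessage) -> list:
    """Return the lookalike indicators found in one message (empty list = none)."""
    display, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    if domain in TRUSTED_DOMAINS:
        return []  # genuinely internal sender; these checks do not apply
    findings = []
    if ADDRESS_FORMAT.match(local):
        findings.append("internal address format on external domain")
    body = msg.get_body(preferencelist=("plain",))
    text = (display + " " + (body.get_content() if body else "")).lower()
    if any(name in text for name in ORG_NAMES):
        findings.append("claims to be from the organization")
    # An attachment only matters once the sender already looks like an imitation.
    if findings and any(p.get_filename() for p in msg.iter_attachments()):
        findings.append("carries an attachment")
    return findings


def make_sample(sender: str, text: str, attachment: str = "") -> EmailMessage:
    """Build a constructed test message; not real traffic."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = "Comments on the table"
    msg.set_content(text)
    if attachment:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg


SIGNATURE = "Regards,\nIgor Ivanov\nMinistry of Examples\n"
SAMPLES = {
    "lookalike": make_sample("Igor Ivanov <i.ivanov@mail-service.example>", SIGNATURE, "comments.doc"),
    "internal": make_sample("Igor Ivanov <i.ivanov@ministry.example>", SIGNATURE, "comments.doc"),
    "vendor": make_sample("Shop <newsletter@shop.example>", "Weekly offers\n"),
}
```

Calling `assess()` on each entry of `SAMPLES` flags only the lookalike message; mail from the trusted domain and ordinary external mail return an empty list.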