![]() The attackers control their victims using HawkEye keylogger, a commercial spying tool from HawkEyeProducts, and a configuration module containing a number of Remote Administration Tools (RATs). The user clicks to download it and the spying program is delivered to the machine from a remote server that has been hacked by the group to serve as a malware hub. Infection starts when a user in a business organization receives an email with an attachment that appears to be a Microsoft Office Word (.doc) file. This threat shouldn’t be underestimated,” – says Ido Naor, Senior Security Researcher, Global Research & Analysis Team. On May 15 th a simple Grabit keylogger was found to be maintaining thousands of victim account credentials from hundreds of infected systems. Grabit is still active, and it’s critically important to check your network to ensure you’re safe. But Grabit shows that it’s not just a “big fish” game – in the cyber world every single organization, whether it possesses money, information or political influence, could be of potential interest to one or other malicious actor. “We see a lot of spying campaigns focused on enterprises, government organizations and other high-profile entities, with small and medium-sized businesses rarely seen in the lists of targets. ![]() Other countries affected are the UAE, Germany, Israel, Canada, France, Austria, Sri Lanka, Chile and Belgium. The list of target sectors includes chemicals, nanotechnology, education, agriculture, media, construction and more. Kaspersky Lab has recently discovered a new business-oriented cyber-spying campaign called Grabit that was able to steal about 10,000 files from small/medium- sized organizations based mostly in Thailand, India and the US.
0 Comments
Leave a Reply. |