Kommersant learned about a phishing assault on authorities from Russia and many nearby countries, which was recently revealed in the study carried out by specialists from British information security firm Cyjax, Kommersant writes.
These organisations, which include Armenia, Azerbaijan, China, Kyrgyzstan, Kyrgyzstan, Georgia, Belarus, Ukraine, Turkey, Turkmenistan und Uzbekistan, are the Russian Academy of Sciences and the postal service Mail.ru.
In this scheme the firm has examined more than 50 domains and discovered it was launched in the spring of 2020.
Currently 15 active websites are imitating e-mail entry portals for staff from foreign, finance and energy ministries from different nations, Cyjax said.
The request was not answered by the RAS. Mail.ru says it monitors and “responds promptly to such events as these, including those mentioned in the report,” to phishing sites and fake emails. The firm stated that Mail.ru mail includes a spam control system that responds to new spam situations like phishing.
The assault is aimed at gathering logins and passwords for government personnel to access mails, says Cyjax. Cyber thieves probably use phishing mails to disseminate links to such sites, but they could not locate examples of such letters.
The typical method is to send emails to workers saying, for instance, that the business now has a new mail server to register with a link, says Alexei Novikov, Director of the Center of Security Experts of Positive Technologies.
According to him attackers may link in the letters of the employee to the mailbox and to secret documents, after receiving logins and passwords. For further attacks, hackers may utilize the access obtained by sending a malicious letter to the address of the partners of the business, adds Mr. Novikov.
In the absence and emphasis on Russia and the surrounding nations of immediate financial benefits, the assault may lead to some pro-state groups, Cyjax thinks.
Kommersant has discussed the circulation of possibly harmful mailings by government entities. Cybersecurity firms warned in October of targeted assaults on XDSpy hacking group leaders. However, hackers who offer shadow forum access may be behind the assault, Cyjax said.
