FSTEK: Foreign Hackers Target Russian Systems

Phishing Attacks Targeting Russian State Authorities and Critical Infrastructure Subjects

Russia has recorded a series of phishing attacks directed at state authorities and critical information infrastructure entities within the country. The attacks are being carried out by foreign hacker groups sending emails that purport to come from official government bodies, individuals, and businesses.

The malicious emails contain attachments disguised as common documents, with filenames like “2024_ Cestrication of initiation of the case”, “Urgently need a new order”, “Additional agreement to the contract”, and others such as “Contacts”, “Reporting 24”, “DOS”, “List of goods and services”, and “Letter in the MNTC and the Central Bank”. The extensions of these files often appear as “.docx.lnk”, “.pdf.rar”, “.xls.rar”, “.LZK”, “.pdf.exe”, and “.pdf.lnk”, with some even masquerading as standard document files like “.doc”.

To mitigate the risks associated with these phishing attacks, it is advised to scan all email attachments with antivirus programs and carefully scrutinize the domains of the senders before opening any emails. Avoid opening emails with unfamiliar or suspicious subject lines. Additionally, using accounts with minimal access privileges and providing education and training to employees on identifying phishing emails can help in reducing the chances of falling victim to such cyber threats.
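
The attachment check recommended above can be partly automated at a mail gateway. The following is an added example, not taken from the advisory: it flags attachments whose name puts a document extension in front of one of the final extensions listed above, and attachments named as documents whose leading bytes identify an executable, shortcut or archive. The extension sets, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

DECOY = {"doc", "docx", "pdf", "xls"}        # document types used as the visible decoy
RISKY = {"lnk", "exe", "rar"}                # final extensions named in the advisory
MAGIC = {b"MZ": "PE executable",             # leading bytes of content that is not a document
         b"L\x00\x00\x00": "Windows shortcut",
         b"Rar!": "RAR archive"}

def classify(filename, payload):
    """Return the reasons an attachment looks like a disguised file (empty list if none)."""
    reasons = []
    parts = filename.strip().lower().rsplit(".", 2)
    if len(parts) == 3 and parts[1] in DECOY and parts[2] in RISKY:
        reasons.append(f"double extension .{parts[1]}.{parts[2]}")
    if parts[-1] in DECOY:                   # document name: content must not be executable
        for magic, kind in MAGIC.items():
            if payload.startswith(magic):
                reasons.append(f"named .{parts[-1]} but content is a {kind}")
    return reasons

def scan_message(raw):
    """Map each suspicious attachment name in a raw RFC 5322 message to its reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = {}
    for part in msg.iter_attachments():
        reasons = classify(part.get_filename() or "", part.get_payload(decode=True) or b"")
        if reasons:
            hits[part.get_filename()] = reasons
    return hits

def build_sample():
    """Constructed test message: inert placeholder bytes, names modelled on the advisory."""
    msg = EmailMessage()
    msg["Subject"] = "Additional agreement to the contract"
    msg.set_content("See attached.")
    samples = [("Contacts.docx.lnk", b"L\x00\x00\x00" + b"\x00" * 16),
               ("Reporting 24.pdf.exe", b"MZ" + b"\x00" * 16),
               ("List of goods and services.doc", b"MZ" + b"\x00" * 16),
               ("invoice.pdf", b"%PDF-1.7\n")]
    for name, data in samples:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A name-based rule alone misses the “.doc” masquerade case, which is why the content check is paired with it; neither replaces antivirus scanning of the attachment.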
