Skip to main content

Russia’s industrial sector targeted in highly personal email attacks

Published on: 14 Aug 2018

More than 400 industrial organisations in Russia have been targeted in a new wave of financial spear-phishing emails disguised as legitimate accounting letters.

Since autumn 2017, criminals have been sending out emails containing malicious attachments in an attempt to lure unsuspecting victims into giving away confidential data, which they could then use to make money.

Around 800 employee PCs were targeted, Kaspersky Lab believes, with the money and data stolen going on to form the basis for fresh attacks.

The disguised emails contained content that corresponded to the profile of the attacked organisations and took into account the identity of the employee in the ‘to’ field, even addressing the targeted victims by name in the actual email.

After clicking on the malicious attachments, modified legitimate software was discreetly installed on the computer so that criminals could connect to it and examine documents and software related to procurement, financial and accounting operations.

“The attackers demonstrated a clear interest in targeting industrial companies in Russia,” said Vyacheslav Kopeytsev, a security expert at Kaspersky Lab.

“Based on our experiences, this is likely to be due to the fact that their level of cyber security awareness is not as high as it is in other markets, such as financial services. That makes industrial companies a lucrative target for cyber criminals - not only in Russia, but across the world.”