A Cyber-spy Tracking SMBs in India


Kaspersky Lab has recently discovered a new business-oriented cyber-spying campaign called Grabit that was able to steal about 10,000 files from small/medium-sized organizations based mostly in India, Thailand, and the US. The list of target sectors includes chemicals, nanotechnology, education, agriculture, media, construction and more. Companies based in India and Thailand had the largest percentage of infected machines. By looking at the stolen credentials, it is very clear that employees sent the malware to one another, as stolen host names and internal applications are the same.

Kaspersky Lab documentation points out that the campaign started sometime in late February 2015 and ended in mid-March. As the development phase supposedly ended, the malware started spreading from India, the United States and Israel to other countries around the globe.

Infection starts when a user in a business organization receives an email with an attachment that appears to be a Microsoft Office Word (.doc) file. The user clicks to download it and the spying program is delivered to the machine from a remote server that has been hacked by the group to serve as a malware hub. The attackers control their victims using the HawkEye keylogger, a commercial spying tool from HawkEyeProducts, and a configuration module containing a number of Remote Administration Tools (RATs).

