As of January 2025, BI.ZONE has tracked multiple attacks on Russian organizations across several industries, including finance, retail, information technology, government, transportation, and logistics. The threat actors use NOVA stealer, a commercial modification of SnakeLogger, to harvest credentials, which are then sold on underground forums.
The BI.ZONE Threat Intelligence team has identified a campaign targeting Russian organizations across multiple industries. The threat actors use NOVA stealer, a new commercial variant of SnakeLogger, to infiltrate corporate networks and steal sensitive information.
The malware is sold on underground forums as a Malware-as-a-Service (MaaS) package for a subscription fee of $50 per month. The attackers rely on social engineering, distributing the malware through phishing emails that present it as an archive related to contracts.
By reusing well-established, business-looking file names and targeting employees in sectors with high email traffic, the adversaries greatly increased their chances of success.
The campaign demonstrates the persistent threat posed by information-stealing malware.
Stolen authentication data can later be weaponized for highly targeted attacks, including ransomware operations. MaaS-based strategies let cybercriminals concentrate on rapid distribution rather than malware development, so their resources go further.
Organizations should therefore stay vigilant against evolving threats and strengthen their email security measures to mitigate the risks associated with these attack vectors.
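The article's only concrete mitigation is stronger email security against archive lures. The following is an added example (not code from the article or from BI.ZONE) of a defender-side attachment triage step: it parses a raw message, flags archive attachments whose names resemble business documents, and looks inside zip attachments for executable content. The lure words, extension lists, and the constructed sample message are assumptions for illustration, not indicators taken from the report.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions that run directly on a Windows endpoint. Assumption: a generic list,
# not one taken from the BI.ZONE report.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".ps1", ".msi"}
ARCHIVE_EXTS = {".zip"}
# Lure words: the campaign disguised its archives as contract-related documents.
# Assumption: the specific word list is illustrative.
LURE_WORDS = ("contract", "agreement", "invoice")


def _ext(name):
    """Lower-cased extension of a file name, or '' when there is none."""
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def inspect_zip(data):
    """Return findings for a zip payload: executables inside, nested archives."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            ext = _ext(info.filename)
            if ext in EXECUTABLE_EXTS:
                findings.append(f"executable inside archive: {info.filename}")
            elif ext in ARCHIVE_EXTS:
                findings.append(f"nested archive: {info.filename}")
    return findings


def triage_message(raw):
    """Parse a raw RFC 5322 message and return a list of human-readable findings."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        ext = _ext(name)
        if ext in ARCHIVE_EXTS:
            if any(word in name.lower() for word in LURE_WORDS):
                findings.append(f"archive named like a business document: {name}")
            try:
                findings.extend(inspect_zip(payload))
            except zipfile.BadZipFile:
                findings.append(f"archive attachment could not be parsed: {name}")
        elif ext in EXECUTABLE_EXTS:
            findings.append(f"direct executable attachment: {name}")
    return findings


def build_sample_message():
    """Constructed sample: a 'contract' zip holding a harmless stub named like an .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Contract_2025.exe", b"not a real program")  # constructed placeholder
    msg = EmailMessage()
    msg["From"] = "partner@example.com"
    msg["To"] = "accounting@example.org"
    msg["Subject"] = "Contract for signature"
    msg.set_content("Please review the attached contract.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Contract_2025.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage_message(build_sample_message()):
        print("FLAG:", finding)
```

Run stand-alone, the script reports both the suspicious archive name and the executable it contains. In a gateway, a hit on either rule would typically quarantine the message for review rather than block outright, since legitimate contracts are also sent as archives.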
According to a recent report published by Moscow-based cybersecurity firm BI.ZONE, NOVA stealer is a commercial malware variant derived from SnakeLogger, actively sold on dark web marketplaces as a Malware-as-a-Service (MaaS) offering.
With this tool, cybercriminals can steal credentials and exfiltrate data quickly and with minimal technical effort, for $50 per month or $630 for a lifetime license.
The report comes amid geopolitical tensions and a surge in cyberattacks targeting Russian organizations, many of them believed to be state-sponsored operations.
With the war in Ukraine and the economic sanctions placed on Moscow, Western cybersecurity companies have withdrawn from the Russian market, leaving gaps in cyber threat intelligence and incident response capabilities.
As a result, most cyber intrusions these days are reported by domestic security firms, which often lack the depth of independent verification and analysis that global cybersecurity firms can usually provide.
Researchers from F.A.C.C.T., a Russian cybersecurity firm, recently discovered a cyberespionage campaign targeting chemical, food, and pharmaceutical firms. The campaign was attributed to Rezet (Rare Wolf), a state-backed hacking group held responsible for approximately 500 cyberattacks on Russian, Belarusian, and Ukrainian organizations since 2018.
Separately, Solar reported an intrusion in which a group tracked as APT NGC4020 attempted to exploit a vulnerability in a remote access tool developed by U.S.-based SolarWinds to target Russian industrial facilities.
Rostelecom, one of Russia's leading telecom companies, Roseltorg, one of the nation's primary electronic trading platforms, and Rosreestr, the independent governmental agency in charge of land and property tax records, were also recently the victims of cyberattacks. These intrusions are becoming more sophisticated and more frequent, reflecting the heightened threat landscape that Russian organizations currently face.