
Russian hackers attack Ukraine and NATO with a new scheme: what you must never do

Google cybersecurity experts have found a malicious program and released updates to block it. Russian hackers send encrypted files to manipulate victims into installing the malicious program. Google experts, who reported the problem on their official blog, came to this conclusion.

Cybersecurity experts from Google wrote on the company's official blog that Coldriver, a group of Russian hackers sponsored by the Kremlin, has developed a new phishing tactic (phishing is a form of internet fraud that aims to gain access to people's confidential information, such as logins and passwords - Ed.). The experts claim that this is the same group that attacked 3 nuclear research laboratories in 2023.

"Coldriver frequently uses accounts of an expert in a particular industry, for example, in the field of cybersecurity. Then, through this account, they connect with the victims and assure them that their computers are in danger, but that they can help. As a result, the attackers send a document with instructions for the installation of an antivirus, containing a harmful link," the experts write.

To get people to install the malicious software, Coldriver sends articles in PDF format asking for a response. The text in this PDF file is encrypted in a special way. If the user takes the bait, he or she tells the supposed specialist that the text cannot be read.

The attacker then offers to send a link to a decryption utility, but in fact the "decryption utility" is a backdoor (a backdoor is a defect deliberately built into computer code that allows unauthorized access to data or remote control of a computer - Ed.). Google named it Spica. Once the malicious software is installed, the attackers can execute commands remotely, steal cookies from the user's browser, upload and download files, and delete documents from the computer.

Google states that Spica was first used in September 2023. In total, 4 encrypted PDFs were detected, but Google managed to obtain only one Spica sample, which appeared as a tool called "Proton-Decrypter.exe". With this malware, the Coldriver hackers sought to steal from users and groups related to Ukraine, NATO, scientific institutions and non-governmental organizations. To protect users, the company has updated Google software to block downloads from domains related to the Coldriver phishing campaign.

Google published its report one month after US authorities warned that the Coldriver group, also known as Star Blizzard, "continues to use phishing attacks" against targets in the UK. "Since 2019, Star Blizzard has aimed at sectors such as academic circles, government organizations, non-governmental organizations, analytical centers and politicians," the US Cybersecurity and Infrastructure Security Agency said.