Ukraine recorded a new wave of cyber attacks

A new wave of distribution began on 22 August.

“When monitoring virus activity was detected newsletter, which was identified an interesting pattern. A file with the name “док.zip” loaded together with the received email, which opens the victim, and is a text file with script language javascript”, – reported experts ISSP.

The script is a Downloader, whose main task is to download and run the executable file (module) load.exe that becomes the window for intruders.

Malicious file collects information on the victim’s computer and sends it to the command centers of the attackers. This same file is waiting for instructions from the attackers to install additional modules. They turn the victim’s computer in the desired for hackers resource (it may be backdoor through which attackers can infiltrate the infrastructure, bypassing the protection; the Keylogger is to gather information about the keystrokes and send it to the command centers; a scanner that will gather information about grab infrastructure and much more).

At the moment access to the site impossible. Instead it is a plug that the resource is blocked by the administrator of the hosting provider Besthosting.

“Perhaps the attackers have used the vulnerability of the site to host the malicious file, or is the result of the attack NotPetya 27.06.2017 (attackers left any possibility of unauthorized entry and now they have used). So maybe this is the first “swallow” of preparing a full-scale cyber-attacks before the holidays,” say the experts ISSP Labs.

© 2017 – 2019, paradox. All rights reserved.