In April, Kaspersky Lab uncovered a series of cyber attacks on system administrators of sites in Russia. By April 23, the company had discovered about 4,000 fraudulent emails sent to more than 2,000 email addresses. The peak of the mailing fell on April 16-17, but messages continue to come to this day.
The goal of the cyber attack is to infect web resources controlled by sysadmins and gain access to site management. If successful, the hackers will be able to create pages, post any information and upload files, Kaspersky Lab emphasized.
Posing as a regulatory body, the attackers send out fraudulent notifications saying that the recipient must confirm that they manage the domain name.
The letter gives instructions to create a file with certain content in the root directory of the site. In reality, by following them the sysadmin launches, with his own hands, a Trojan program for remote control of the victim's computer.
"To confirm that you have the actual ability to manage the domain name, create a file in the root directory of the site (with the extension .php. - Ed.)," says the text of the scammers' letter.
To avoid giving the recipient time to suspect that something is wrong, the letter requires him to follow the instructions quickly, within three days, said Alexander Liskin, head of the anti-virus research laboratory at Kaspersky Lab.
“Site administrators are often attacked, for example, they extort money from them by sending fake notifications about the impending end of the site lease. But this time, the purpose of the attack is to gain access to site management. The attackers are making every effort to convince the recipients of the authenticity of the letter: the regulator is listed as the sender, and a corresponding emblem has been added to enhance the effect,” Liskin said.
The expert recommended remaining vigilant when receiving messages from unknown senders by e-mail and in instant messengers, and double-checking information that allegedly comes from official bodies. Who is behind the attack is still unknown; the company's specialists are investigating the cyberattack.
Earlier, in April, DeviceLock told Izvestia that Russians could face a major attack on their accounts through the interception of SMS messages with authorization codes.
In early March, a proposal appeared on the darknet to sell access to the switch of one of the mobile operators, which allows one to gain control over the SS7 signaling system. It can be used to intercept calls and SMS from all communication providers with which the vulnerable operator has a roaming agreement. These include Russian providers.