Cyber spies from XDSpy attack Russian metallurgists and military-industrial enterprises

Lord777

Experts from the Threat Intelligence Department and the F.A.C.C.T. Cybersecurity Center warn of new attacks by the XDSpy cyberespionage group.

Yesterday, November 22, and the day before yesterday, November 21, malicious mailings were detected targeting the email of a Russian metallurgical enterprise, as well as a research institute engaged in the development and production of guided missile weapons.

In both cases, the signature contains the logo of a Russian research institute specializing in the design of nuclear weapons facilities, and the email address of a logistics company from Kaliningrad was given as the sender.

In addition, another email was found that had been sent to Russian metallurgists, but this time from a Belarusian address.

The kill chain of this November campaign is the same as in the summer XDSpy attacks we described earlier; we provided technical details in this blog on Habr.

Recall that most XDSpy targets are located in Russia: government, military and financial institutions, as well as energy, research and mining companies. The hacking group has been active since 2011, but international experts still haven't decided which country it works for.