Kaspersky Lab has identified over 10,000 financially motivated cyberattacks targeting organizations from various regions, as part of a campaign deploying multiple types of malware. Researchers discovered that the threat actors employ not only backdoors, keyloggers, and miners but also innovative malicious scripts that disable security features, facilitating the installation of malevolent software.
The attacks spanned from May to October of the current year. According to Kaspersky's telemetry, over 200 users were compromised during this campaign. The targeted entities included governmental institutions and agricultural and commercial enterprises in Russia, Saudi Arabia, Vietnam, Brazil, and Romania. Incidents were also detected in the USA, India, Morocco, and Greece.
Cybercriminals exploit vulnerabilities in servers and workstations to gain unauthorized access. Once inside, they deploy new malicious scripts aimed at bypassing Microsoft Defender, escalating privileges, and deactivating antivirus components. If successful, they download backdoors, keyloggers, and miners from a now-inaccessible web source. The miner harnesses system resources to mine various cryptocurrencies, such as Monero (XMR). Concurrently, the keylogger records keystrokes and mouse clicks, while the backdoor establishes a connection to the Command & Control (C2) server for data transmission, granting the adversaries remote control over the compromised system.
Kaspersky Lab experts note that this malware campaign is evolving rapidly, with new versions of the attack tools continuing to appear. Evidently, these malefactors seek to monetize their efforts by any means available. Beyond cryptocurrency mining, they might steal user credentials and sell them on the dark web, or carry out more intricate schemes that exploit the capabilities of the backdoors.