Categories: Ad Guardian PlusNews

Hackers attack Germany, Italy and US

Security researchers tracked activities of a new group of financially-motivated hackers. So, the hackers target a few companies and organizations in Germany, Italy, and the United States. And they try to infect them with backdoor, banking Trojan, or ransomware malware.

The attackers are more interested in manufacturing, healthcare industries and IT services that store critical data. Because they count on the fact that people who have their data here can afford high ransom payouts.

Hackers pretend to represent government entities asking for taxes or refunds, according to a ProofPoint report. And they usually send out low-volume emails. Also, researchers mention that: “Tax-themed Email Campaigns Target 2019 Filers, finance-related lures have been used seasonally with upticks in tax-related malware and phishing campaigns leading up to the annual tax filing deadlines in different geographies.”

A DOC file compromises computers

The hackers use a malicious Word document attached as the first step to compromise devices. When users open the document, it executes a script to run PowerShell commands. Then, they download and install ransomware, a Trojan or a backdoor.

The specialists explain that “Opening the Microsoft Word Document and enabling macros installs Maze ransomware on the user’s system, encrypting all of their files, and saves a ransom note resembling the following in TXT format in every directory.”

Christopher Dawson,

Christopher Dawson, Threat Intelligence Lead at Proofpoint, told The Hacker News that “Although these campaigns are small in volume, currently, they are significant for their abuse of trusted brands, including government agencies, and for their relatively rapid expansion across multiple geographies.”

Also, hackers

use lookalike domains, excessive technical writing and stolen branding, to be more convincing:

  • Bundeszentralamt fur Steuern, the German Federal Ministry of Finance,

  • Agenzia Delle Entrate, the Italian Revenue Agency,

  • 1&1 Internet AG, a German internet service provider,

  • USPS, the United States Postal Service.

The minimum protection against cybercriminals

Although they use well-known tools and techniques, these still work very well and let criminals gain access to organizations.

The basic online security steps would be:

  • disable macros from running in office files,

  • keep a regular backup of the important data

  • run one of the best antivirus software

  • never open email attachments from unknown/untrusted sources.

  • Avoid clicking the links from unknown sources.

Laurentiu Titei

View Comments

Recent Posts

Fix Surface Pro 3 – White Spots on Screen Issue

The other day, we noticed white spots on the screen. For us, a computer screen…

2 hours ago

How to Find the Epson L380 Driver for Windows System

Epson is a renowned name in the printer industry, known for its world-class yet cost-efficient printers, Epson…

14 hours ago

Solved: Application Unable to Start Correctly 0xc0000142 Error

The “application unable to start correctly” 0xc0000142 error code is a problem for many Microsoft…

1 day ago

Epson L3250 Driver Install on Windows with Easy Methods

Epson L3250 is a printer highly praised for its fast printing, low running costs, and…

2 days ago

What Is an RPMSG File and How to Open It in Windows

“My client sent me an RPMSG file as an email attachment, but I can’t open…

2 days ago

How to Fix File Explorer Not Opening Windows 11

Is the File Explorer not opening? Understandably, this must be frustrating, especially if finding files,…

3 days ago