Scammers start sending a dangerous Trojan to Russian companies under the guise of a subpoena

Cybercriminals have launched a phishing campaign that distributes the DarkWatchman RAT Trojan under the guise of mobilization instructions. This was reported on the blog of the information security company F.A.C.C.T. on the Habr portal.

On May 10, F.A.C.C.T., a Russian developer of technology for combating cybercrime, detected and blocked more than 600 emails with malicious attachments sent to Russian organizations, including HR departments and secretaries. The senders of the letters introduced themselves as representatives of the Main Directorate of the Military Commissariat of the Ministry of Defense of the Russian Federation and used the fake address [email protected].

The letters say that recipients must appear at the military registration and enlistment office at 8:00 am on May 11 for background checks. As evidence, an electronic copy of the mobilization order is attached as a zip archive named “Mobilization Decree No. 5010421409-VVK dated 05/10/2023”. Inside the archive was an exe file that, when launched, installed the DarkWatchman RAT remote access trojan on the victim’s computer.

The DarkWatchman RAT Trojan is known as a tool of Hive0117, a financially motivated hacker group that uses it for reconnaissance and preparation for subsequent attacks.

According to F.A.C.C.T., banks, IT companies, industrial enterprises, small and medium-sized businesses and others could be potential victims of the attack.

Earlier, socialbites.ca reported that applications containing the dangerous Fleckpe Trojan are available on the Google Play Store.
