Positive Technologies discovered a cyber group attacking Russian companies


A major Russian cybersecurity company, Positive Technologies, discovered the Dark River cyber group, which was conducting attacks on Russian businesses using tools for espionage and theft of confidential information. The company reported this to RIA News.

“A new group running dangerous malware, which researchers call Dark River, is deliberately attacking businesses <…>,” Positive Technologies reported, adding that the group invested significant financial and intellectual resources in the development of its tools.

The company noted that this cyber group has a technologically advanced architecture and transport system that allows its backdoor (a program installed by an attacker – socialbites.ca) to operate unnoticed for long periods of time on a compromised infrastructure for the purpose of espionage and theft of confidential information.

According to the company’s experts, the attack begins with a phishing email containing a “.docx” file whose content is structured to make the recipient enable editing mode. Enabling this mode may result in the download of a resource controlled by the cybercriminals. Such emails were sent to Russian companies in August-September 2022.

“The main feature of the MataDoor backdoor is its unprecedented complexity compared to what we have seen before. A large and complex transport system allows you to flexibly configure communication with the operator team and the server to remain hidden and unnoticed. This malware can operate even on logically isolated networks, receiving and transmitting data from anywhere,” said Maxim Andreev, senior specialist in Positive Technologies’ information security threat research department.

Company researchers first discovered this MataDoor-based attack mechanism while investigating an incident in 2022. Currently, no more than four cases of MataDoor being used in cyber attacks are known, and all of them targeted large organizations.

Previously, Russian hackers attacked the Polish Ministry of Defense.
