At the beginning of 2024, Russia recorded an increase in the number of hacktivist cyber attacks against employees of large public sector companies and the military-industrial complex (DIC); Meanwhile, the attackers, on behalf of employees of the FSB or the Ministry of Internal Affairs, transfer victims’ money to fraudsters or set fire to military and enlistment offices and commit other crimes. Alexey Korobchenko, head of the information security department of the Security Code company, told socialbites.ca about this.
As part of the new scheme, hacktivists are sending letters to company employees on behalf of their managers who are carrying out law enforcement “orders”. The main distribution channels are popular instant messengers such as Telegram and WhatsApp. These types of attacks are called FakeBoss.
Attackers, on behalf of top management, send fake orders to employees from law enforcement agencies such as the FSB or the Ministry of Internal Affairs to conduct unscheduled audits, for example, due to information leaks. In the form of an ultimatum, the “leaders” demand help from law enforcement agencies. Then fake employees of the Ministry of Internal Affairs or FSB contact the victim and begin to “process” him.
“Calls start from “operators”, “researchers” and “curators”. In this case, scammers put on a real show and send photos of their IDs or photos on the form upon request. Korobchenko said that the victim, who gained the trust of the FSB authority or was put under pressure, could be forced to install malware on his computer or disclose confidential company data.
Then the victim begins to be intimidated and blackmailed. There are accusations of revealing state secrets or working with foreign intelligence services.
“After a multi-stage promotion, the attackers expose their legends and blackmail people into paying or doing something illegal: setting fire to the military registration and enlistment office or a car,” the expert said.
According to him, the first of such cases was noticed at the end of last year. However, now the size of mail has increased greatly and the public sector and defense industry are under attack.
If you receive such letters or messages outside corporate communication channels, Korobchenko recommended that you immediately cease communication with the attacker, contact your managers directly and inform the local information security service about the incident. It should be noted, the expert notes, that if the messages involve law enforcement, a financial component, and also contain an element of intimidation, it is always a fraud scheme.
Previously at Kaspersky Lab refuted Google’s statement about the danger of the Russian service “2GIS”.