Cybercriminals from the APT31 group have started using Yandex.Disk in their attacks on users’ computers, reports “News” with reference to data from the security company Positive Technologies. According to experts, this is the first time they have recorded this; previously the hackers preferred foreign storage services, such as Dropbox or OneDrive.
Infection occurs according to the following scenario: the victim receives a Word document with a macro by e-mail. The macro downloads to the victim’s computer the document itself, which acts as bait, an executable that is used to load the malicious library, and the library itself.
According to PT experts, the executable is a component of Yandex.Browser that is vulnerable to cyberattacks.
“Yandex.Browser is not used in its entirety, i.e., any other file can be opened on the user’s computer, it is a specific file. Then the virus goes to Yandex.Disk and takes the commands it needs from there,” he said.
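The chain described above (an Office macro writes an executable and a library, the executable loads that library, then the process fetches commands from cloud storage) can be expressed as a correlation rule over endpoint telemetry. The following is an added example, not code from Positive Technologies or the original report; the event schema, paths, file names and host list are assumptions constructed for illustration.

```python
import ntpath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Assumption: storage API hosts to watch; adjust to what your proxy or DNS logs show.
CLOUD_HOSTS = {"cloud-api.yandex.net", "api.dropboxapi.com", "graph.microsoft.com"}

TMP = r"C:\Users\user\AppData\Local\Temp\upd"  # constructed path
WORD = r"C:\Program Files\Office\WINWORD.EXE"  # constructed path
# Constructed, time-ordered sample events in a hypothetical simplified schema.
EVENTS = [
    {"type": "file_create", "actor": WORD, "path": TMP + r"\decoy.docx"},
    {"type": "file_create", "actor": WORD, "path": TMP + r"\component.exe"},
    {"type": "file_create", "actor": WORD, "path": TMP + r"\library.dll"},
    {"type": "image_load", "process": TMP + r"\component.exe", "path": TMP + r"\library.dll"},
    {"type": "net_connect", "process": TMP + r"\component.exe", "host": "cloud-api.yandex.net"},
    # Benign contrast: an installed browser talking to the same storage API.
    {"type": "net_connect", "process": r"C:\Program Files\Browser\browser.exe",
     "host": "cloud-api.yandex.net"},
]

def find_chains(events):
    """Return (process, host) pairs where an Office-dropped executable loaded an
    Office-dropped DLL from its own folder and then contacted a storage API."""
    dropped, sideloaded, hits = set(), set(), []
    for e in events:
        kind = e["type"]
        if kind == "file_create":
            # Remember every file written by an Office process.
            if ntpath.basename(e["actor"]).lower() in OFFICE:
                dropped.add(e["path"].lower())
        elif kind == "image_load":
            exe, dll = e["process"].lower(), e["path"].lower()
            same_dir = ntpath.dirname(exe) == ntpath.dirname(dll)
            if exe in dropped and dll in dropped and same_dir:
                sideloaded.add(exe)
        elif kind == "net_connect":
            if e["process"].lower() in sideloaded and e["host"].lower() in CLOUD_HOSTS:
                hits.append((e["process"], e["host"]))
    return hits

if __name__ == "__main__":
    for process, host in find_chains(EVENTS):
        print(f"ALERT: {process} -> {host}")
```

Traffic to a legitimate storage service alone is not a signal; the rule fires only when the connecting process is itself a file that an Office application wrote to disk and that loaded a sibling library.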
Positive Technologies noted that since the beginning of 2022, APT31 hackers have attacked a number of media outlets and companies in the fuel and energy sector using the scheme described above.
Earlier, socialbites.ca reported that Russian hackers declared war on the largest arms manufacturer in the United States.