Expanded analysis of credential theft and malware-driven breaches targeting Russian firms


During the first ten months of 2023, cyber incidents targeting Russian companies showed a troubling trend: 20 percent of breaches involved the use of legitimate login credentials stolen from utilities. This analysis was provided by Oleg Skulkin, head of BI.ZONE’s cyber intelligence department, and reported to socialbites.ca.

Experts explain that attackers frequently obtain corporate credentials by sending phishing emails with malicious attachments. The attachments typically carry custom malware designed to harvest passwords or provide remote access to compromised devices. In many cases, the malware operates as a credential thief or as a remote access tool, enabling attackers to move laterally within networks.

Phishing emails continue to be a dominant entry point for initial access in targeted operations. In one observed campaign, a malware-based email approach successfully compromised up to 400 companies. The attackers often rely on credential-stealing software augmented by remote administration tools to control infected systems and exfiltrate sensitive data.

In several instances, the messages appeared to come from a so-called business partner or customer. Recipients were asked to open an attachment to verify whether products listed in the correspondence were available. The email then sought immediate confirmation of delivery dates referenced in the document, prompting the recipient to open the file. Once opened, the malicious payload was installed on the computer, giving attackers a foothold within the organization.

Skulkin noted that the accessibility of malicious programs has increased, in part due to the malware-as-a-service model. Under this arrangement, developers license their tools to others for a fee, allowing even less technically skilled criminals to execute sophisticated attacks. This commodification of malware lowers barriers to entry for cybercriminals and contributes to a broader threat landscape.

Previously, Russian companies were warned about a new category of devastating distributed denial-of-service (DDoS) attacks, underscoring how rapidly threat actors adapt their tactics to disrupt business operations across sectors. Organizations are advised to strengthen security awareness, implement multi-factor authentication, monitor unusual login activity, and maintain robust email security controls to mitigate such risks. BI.ZONE’s researchers emphasize a layered defense approach that combines user education, proactive threat detection, and rapid incident response in order to reduce exposure to credential theft and unauthorized access.
