A Russian-speaking threat actor has been targeting hundreds of industrial enterprises for more than two years, Kaspersky’s security researchers report.
Focused on companies in Russia, the ongoing attacks are highly targeted, leveraging phishing emails for malware deployment. In some cases, legitimate documents that were stolen in previous attacks are leveraged for social engineering.
Another characteristic of these attacks is the use of remote administration utilities, including Remote Manipulator System/Remote Utilities (RMS) and TeamViewer. Malware is employed to hide the user interface of these programs, to avoid attracting attention.
The campaign was first detailed in 2018, when Kaspersky said that more than 400 organizations had been hit. Now, the security researchers reveal that the attackers have updated their techniques and that the number of victim organizations has increased.