30 December 2020

Spam attack on a manufacturing company

* To preserve confidentiality, the name of the company is withheld.

FS Group was contacted by one of the largest strategic, budget-forming state-owned enterprises about a spam attack on its mail server.

During the investigation (OSINT / underground sources):

  • the command center (the bot's admin panel) was identified
  • an OS dump was obtained from the hosting provider
  • the OS dump was analyzed

It was also established that the malware was Smokebot, a modular bot that, once loaded, runs its tasks and then deletes itself; that is, it does not persist on the system.

Modules:

  1. STEALER – collects saved passwords from various programs (browsers, FTP and mail clients); all collected passwords are sent to the control center (the bot's admin panel)
  2. FORM GRAB – a form grabber that works in real time in all browsers and intercepts POST requests: login forms, payment data, etc.
  3. PASS SNIF – a password sniffer that works in real time against all applications and can intercept passwords; this data is likewise sent to the admin panel

The person behind the attack was identified, along with their accounts on underground forums, from which the following was established:

  • forum nickname
  • registration date
  • number of posts on the forum
  • most posts in the security and hacking sections
  • date of last visit to the forum

Analysis of the forum activity showed that the hacker was looking for a loader that would download software to infect executable files on all disks, flash drives, etc., in the hope that after an OS reinstall without formatting, the infected files would relaunch the loader. The hacker's budget was $3,000.

Approach and result

  • a check of the findings was carried out
  • a blocking model was built and subsequently verified
  • it was determined that the hacker was a candidate for employment at the client's company
  • the client declined to hire the compromised candidate

Business effect

  • financial risks averted
  • reputational risks prevented
