Russian cyber attackers recently targeted a number of embassies in Europe by employing a weaponised version of TeamViewer — a popular remote access service and malware disguised as a top secret US government document, according to media reports.
“They typically emailed the officials Microsoft Excel sheets with malicious macros that appeared to have originated from the United States State Department. Once opened, the hackers were able to gain full control of the infected computer by weaponising the installed TeamViewer software,” The Verge reported late on Monday.
The hackers attacked European embassies in Kenya, Italy, Liberia, Nepal, Guyana, Bermuda and Lebanon, among others.
“While Russian in origin, it’s unlikely that these attacks were state-sponsored. One perpetrator was traced back to a hacking and carding forum and registered under the same username, ‘EvaPiks’ on both.
“‘EvaPiks’ posted instructions on how to carry out this kind of cyber attack on forums and advised other users as well,” the report added.
Check Point Research has pointed out several other similar attack campaigns, including some targeting Russian-speaking victims as well.
In a unique online fraud, hackers are tricking people into thinking that they own compensation after being victims of personal data frauds, and under the pretext of offering them money, are fleecing them, a new report said on Monday.
Experts at cybersecurity firm Kaspersky detected this new online fraud scheme where scammers urge users to buy ‘temporary US social security numbers’ worth around $9 each.
Victims were found in Russia, Algeria, Egypt and the UAE as well as other countries.
The scheme involves a website allegedly owned by the Personal Data Protection Fund, founded by the US Trading Commission.
The fund issues compensation to those who may have been subject to a personal data leak and is available to citizens from any country in the world.
For those interested, the site offers to check whether user data has ever been leaked.
For this, one needs to provide their specific surname, first name, phone number, and social media accounts.
Once this has been done, an alert is shown indicating that the user has experienced a leak, which can include data such as photos, videos, and contact information, entitling the user to compensation of thousands of dollars.
“However, fraudsters do not just ask for a user to enter a bank card number and wait for the payment to be credited; users inevitably need to offer their own social security numbers,” the report noted.
In any possible scenario – be it the absence of the SSN or entering the correct existing SSN – the website alerts mistakes and offers to sell a temporary one for the $9 price.
Upon agreement, the victim is redirected to this payment form in Russian or English with the purchase price specified in rubles or dollars, respectively. The specific form depends on the victim’s IP address, the experts noted.
“The scammers themselves are most likely Russian speakers, as suggested by the request for payments in rubles, plus the suspicious similarity of the scheme to other easy money offers that regularly tempt residents of Russia and the CIS (Commonwealth of Independent States),” said Tatyana Sidorina, Security expert at Kaspersky.
The e-bait in those schemes varies — giveaways, surveys, secret retirement savings, even a part-time job as a taxi dispatcher — but they tend to be in Russian (as are some of the preceding links).
The bottom line is always the same: the juicy promise of quite a bit of easy money, followed by a demand to pay for an inexpensive service, be it a commission, a ‘securing’ payment, or a temporary SSN.
“The new scheme is quite a topical one and is related to offering compensation for data leaks. Once some organizations have started to pay users, fraudsters decided there is a monetary opportunity for them as well,” Sidorina added.