The experts recorded the largest malicious campaign on behalf of Velanna Saveliev
Under the guise of letters from the tax service, criminals distribute software that allows them to take complete control of the computer.
According to Group-IB, from 27 July to the present, legal entities and public institutions have been receiving emails ostensibly on behalf of the FTS, in which recipients are asked to appear at the “Main Office of the FTS of Russia” for “testimony on cash flows”. The threat lies in the attachment: the letter comes with a fake document that the recipient is supposed to print and fill out.
In fact, the attachment contains an archive called “zapros-dokumentov.rar” and a text file with its password. Once the victim opens the attachment, the remote device control program RMS (Remote Manipulator System) is downloaded to the computer.
In itself the program is legitimate, and for that reason most antivirus products ignore it. However, according to the experts, in this case the attackers modified the program, thereby gaining full remote control over the attacked device.
In addition, the success of the distribution is due to two key points. First, the sender is listed as info@nalog.ru, but in fact the emails are sent from public mail services and the headers are forged. Second, the author pressures the recipient with threats of sanctions under the criminal code.
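The mismatch described above (a tax-service address in the visible From header on mail that actually originates from a public mail service) can be checked on the receiving side. The following Python sketch is an added example, not code from Group-IB or the article; the sample message, host names and the `PROTECTED` constant are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

PROTECTED = "nalog.ru"  # assumption: domain of the spoofed From address

# Constructed sample (not a captured email); hosts are placeholders.
SAMPLE = """\
Return-Path: <sender123@freemail.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=freemail.example;
 dkim=pass header.d=freemail.example;
 dmarc=fail header.from=nalog.ru
From: "FTS" <info@nalog.ru>
To: accounting@recipient.example
Subject: Request for documents

See attachment.
"""

def domain_of(header):
    """Return the lower-cased domain of an address header, or ''."""
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def aligned(domain, org=PROTECTED):
    """True if domain is the protected domain or one of its subdomains."""
    return domain == org or domain.endswith("." + org)

def auth_results(msg):
    """Collect key=value tokens from Authentication-Results.
    Only trust this header when your own mail gateway added it."""
    found = {}
    for header in msg.get_all("Authentication-Results", []):
        for part in header.split(";")[1:]:  # part 0 is the authserv-id
            for token in part.split():
                key, sep, value = token.partition("=")
                if sep:
                    found[key.lower()] = value.lower()
    return found

def spoof_findings(raw):
    """List reasons a message claiming the protected domain looks forged."""
    msg = message_from_string(raw)
    if not aligned(domain_of(msg["From"])):
        return []  # not claiming to be the protected sender
    findings, auth = [], auth_results(msg)
    if not aligned(domain_of(msg["Return-Path"])):
        findings.append("envelope sender is outside " + PROTECTED)
    if auth.get("dmarc") != "pass":
        findings.append("DMARC did not pass for the From domain")
    if auth.get("dkim") == "pass" and not aligned(auth.get("header.d", "")):
        findings.append("DKIM signature belongs to another domain")
    return findings
```

A message that passes SPF and DKIM for the public mail service but fails DMARC alignment for the From domain, as in the sample, is the pattern a mail gateway rule should quarantine.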
It should be noted that genuine mailings on behalf of the FTS are sent only to those who have confirmed their email address in their personal account (LK), and often contain only information about changes in the LK, about the registration of an appeal, and about the receipt of a response. The tax service itself does not send taxpayers emails about outstanding debt or offers to pay the debt online.
Phishing attacks are a real headache that will not stop growing and improving. At the moment there are more than 1 million fake sites in Russia that copy the official resources of companies, and their number is constantly growing. According to Group-IB's estimate, in the second quarter of 2020 the number of phishing pages increased by 71%, while in the banking sector alone the Central Bank identified 119 thousand fake e-mail addresses.