Skip to main content
  1. Home
  2. Computing
  3. News

Russian hackers are targeting U.S. emails with phishing malware

By

Hackers are targeting both U.S. and European email accounts with a new phishing malware, according to a study done by cybersecurity researchers at Palo Alto Networks’ Unit 42.  Named “Cannon,” the malware has been around since October, collecting screenshots and other information from the PCs of unsuspecting victims and sending it back to Russian operatives.

Leveraging a classic social engineering tactic, “Cannon” sends out phishing emails and involves tricking victims into opening messages about recent news events like the crash of an airliner in Indonesia. The emails also contain an attachment to an older formatted Microsoft Word document which requires the macro feature for the file to open successfully. Once the victim opens the file and enables macros, a code then executes and a trojan malware spreads and infects a computer whenever Word is closed.

Recommended Videos

Once the trojan malware is running, it will collect screenshots of the PC desktop in intervals of 10 seconds, and system information every 300 seconds. It then logs into a primary POP3 email account, a secondary POP3 email account, and attempts to get the download path for downloaded information. Finally, it moves all attachments to a specific path and creates a process that sends the email back to a hacker with all attachments.

Related

“In late October and early November 2018, Unit 42 intercepted a series of weaponized documents that use a technique to load remote templates containing a malicious macro. These types of weaponized documents are not uncommon but are more difficult to identify as malicious by automated analysis systems due to their modular nature. Specific to this technique, if the C2 server is not available at the time of execution, the malicious code cannot be retrieved, rendering the delivery document largely benign,” explains the Unit 42 research unit.

“Cannon” appears to be linked to Sofacy, a hacking group which has previously distributed “Zebrocy” and other similar malware linked back to the Russian government. To protect against these types of phishing attacks, it is always best to avoid opening emails from suspicious email addresses. Even though Microsoft has taken steps to block malicious macros, it also is best to not to use the feature and avoid it entirely. You also should keep your antivirus up to date and make sure that you’re running the latest versions of Windows 10.

Editors’ Recommendations

Topics
Arif Bacchus
Arif Bacchus
Former Digital Trends Contributor
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
This new malware is targeting Facebook accounts – make sure yours is safe
Facebook logo appears with a hooded figure over a cracked blue background.

In the ongoing barrage of cyberattacks, Facebook users are being targeted by a new version of the Ducktail malware that originally surfaced in July. The first implementation was specifically aimed at Facebook Business accounts, but it has recently become a more widespread danger.

The latest version of Ducktail collects any and all Facebook data available on an infected computer. If it happens to be a business account, payment methods could be discovered, putting your money at risk. Furthermore, Facebook Business data might include billing information and cycles, which could be used to help disguise unauthorized purchases.

Read more
As ransomware hits this U.S. hospital, lives could be at risk
The CommonSpirit Health’s logo appears over the silhouette of a hacker.

A large U.S. hospital chain has been suffering from a serious security breach that has led to its computer records being taken offline. What seems to be a ransomware attack could be affecting the quality of health care provided, possibly even putting lives at risk.
According to the industry-focused news site HealthCareDive, the attack was described as an IT incident by CommonSpirit Health and reported on October 3, 2022. This is a huge hospital chain with 1,000 care sites and 140 hospitals nationwide so thousands of patients are affected. The current solution, according to a statement on CommonSpirit Health’s website, has been to take certain systems offline.

Like the rest of us, doctors and nurses are accustomed to the technology of the 21st century and have come to rely on computer records to take care of patients, plan care options, and organize data. Reverting to paper in an already hectic healthcare system must make the job torturous. We'll never know how many critical details slip through the cracks during a busy day.

Read more
New COVID-19 phishing emails may steal your business secrets
Woman Checking Her Email

Google Forms are being used as a way to obtain the sensitive information of business owners through COVID-19 phishing emails, according to a new report.

As reported by Bleeping Computer, phishing messages based on COVID-19 have started to become increasingly popular in recent weeks.

Read more