As of January 2025, BI.ZONE has reported multiple attacks on Russian organizations across several industries, including finance, retail, information technology, government, transportation, and logistics. The threat actors have used NOVA stealer, a commercial modification of SnakeLogger, to retrieve credentials and then sell them on underground forums.
The BI.ZONE Threat Intelligence team has identified a sophisticated cyber-attack targeting Russia-based organizations across multiple industries. Threat actors are using NOVA stealer, a brand new commercial variant of SnakeLogger, to infiltrate corporate networks and steal sensitive information.
The malware is sold on underground forums as part of a Malware-as-a-Service (MaaS) package for a subscription fee of $50 per month. The attackers rely on social engineering to spread it, sending phishing emails in which the malware is disguised as an archive related to contracts.
By exploiting well-established file names and targeting employees in sectors with high email traffic, the adversaries greatly increased their chances of success.
This campaign demonstrates the persistence of the threat posed by malware that steals your personal information.
This stolen authentication data can be used as a wea
[…]
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents