Uncategorized

‘Ghoul’ malware targeting small and medium sized industrial businesses

Security researchers have identified a hacking group targeting small- and mid-sized industrial manufacturers in more than 30 countries, apparently to drain their bank accounts or steal their intellectual property.

By Shaun Waterman

August 17, 2016

Researchers from Kaspersky Labs dubbed the group “Ghoul,” in a blog post Wednesday.

“The attackers try to lure targets through spear-phishing emails that include compressed executables,” wrote researcher Mohamad Amin Hasbini, saying they had detected 130 infected company networks so far, but that the group’s use of “commercial off-the-shelf malware makes attribution of the attacks more difficult.”

The group’s malicious software is “based on” commercially available Hawkeye spyware, according to the post, which offers wide range of capabilities for the attackers, plus the anonymity of using commodity code which cannot be linked to them.

In the latest wave of attacks, heavily concentrated in the Middle East, the emails are forged, or “spoofed,” to appear to be coming from a bank in the UAE, with a payment advice attached. Earlier waves employed links to malicious sites. They are “mostly sent to senior members and executives of targeted organizations,” Hasbini writes.

[Read more: The fixes needed to fight phishing.]

If victims click on the attachment, the malware installs itself and begins collecting data such as keystrokes, clipboard contents and the details accounts from local browsers, messaging apps and email clients. The data is exfiltrated by http or email to an IP address which “seems to belong to a compromised device running multiple malware campaigns., providing another layer of anonymity for the hackers.

Ghoul hacking group – number of victim networks by country (Source: Kaspersky Labs)

Map showing the geographical distribution of targets of the “Ghoul” hackers’ group (Source: Kaspersky Labs)

The targets are spread across the globe, although most are in the Middle East or Europe, and they span industrial sectors from military shipbuilding to petrochemical and pharmaceutical, aerospace, solar energy and plastics.

Kaspersky says its researchers identified victims using both Windows and Mac OS X devices, as well as iPhones and Androids.

‘Ghoul’ malware targeting small and medium sized industrial businesses

More Like This

Government shutdown would cause ‘terrible’ disruptions to federal cyber defenses, industry leaders say

GSA undertaking study to examine racial bias in facial recognition tech

State Dept must study ability of US allies to combat cybercrime: GAO

Top Stories

State Department encouraging workers to use ChatGPT

Federal CIO calls on Congress to fund Technology Modernization Fund

GSA administrator: Generative AI tools will be ‘a giant help’ for government services

Congressional panel outlines five guardrails for AI use in House

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

Commerce requests information about AI, open data assets, data dissemination

More Scoops

Why it’s such a bad idea for Trump to use an off-the-shelf smartphone

MarsJoke ransomware variant targets local and state governments

How one company lost $40M from an increasing popular email scam

FTC chief: Ransomware is the most profitable malware ever devised

Report: Hackers increasingly use encryption to hide malware

Uncovered sophisticated spyware forces an iOS update

Scammers promise video proof of fake Clinton scandal, victims get malware instead

Latest Podcasts

‘Ghoul’ malware targeting small and medium sized industrial businesses

AI Week 2024 has Come and Gone

Darryl Peek on Elastic’s role in enhancing public sector search and data analytics with AI and Google collaboration

Danny Werfel on How Automation has Enhanced his Agency’s Operations.

Tech

Defense

Cyber

Acquisition