Hacking by estimate: Spanish extortionists disguise themselves as clients of architectural organizations
<blockquote data-quote="Carders" data-source="post: 261" data-attributes="member: 17"><p>A clear and well-thought-out social engineering campaign is paying off — dozens of firms' data is encrypted.</p>
<p>Spain's National Police are warning of an ongoing "LockBit Locker" ransomware campaign targeting architecture companies in the country through phishing emails.</p>
<p>"A wave of emails sent to architectural companies was detected, although it is possible that the actions of intruders may spread to other sectors," the police said in a statement.</p>
<p>According to the police, the detected campaign has a high level of complexity, since victims do not suspect anything until their devices are fully encrypted.</p>
<p>Many emails in the malicious mailing list are sent on behalf of a nonexistent domain "fotoprix.eu". The attackers pretend to be a newly opened photo salon and allegedly want to order a reconstruction plan for the premises from an architectural firm.</p>
<p>After several emails to establish trust, the ransomware offers to set up a meeting to discuss the budget and details of the construction project, along with sending an archive of documents that should contain exact specifications for the architects' calculations and preparation of a plan for the upcoming reconstruction.</p>
<p>This archive is a disk image in the ".img" format, which is automatically mounted as a removable Windows disk when opened. Inside the disk is the folder "fotoprix" with numerous Python scripts, batch and executable files. There is also a Windows shortcut called "Characteristics", which is launched by a malicious Python script.</p>
<p>The analysis of specialists showed that this script checks whether the user is a device administrator and, if so, introduces itself to startup and launches the LockBit ransomware to encrypt files.</p>
<p>Spanish police emphasize the "high level of sophistication" of these attacks, noting the sequence of communications that convince victims that they are interacting with real people who are genuinely interested in discussing the details of the architectural project.</p>
<p>Although the ransomware note mentions links to the well-known LockBit group, experts believe that hackers simply use the LockBit 3.0 malware constructor that leaked at the end of last year, which served as a convenient tool for hundreds of attacks, while the group itself has nothing in common with real LockBit hackers.</p>
<p>Given the sophistication of phishing emails and social engineering, it is likely that responsible attackers are already preparing plausible baits for other sectors of Spanish business. But nothing prevents them from expanding the geography of their attacks to other countries.</p>
<p>Criminals' use of similar methods of initial penetration is extremely disturbing, as positioning themselves as legitimate clients can help hackers overcome obstacles such as anti-phishing training of targets, reliably lulling them into vigilance.</p></blockquote><p></p>
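An added example, not part of the original post: a mail-gateway style check for the delivery method the post describes, a disk image sent as an email attachment. It goes beyond the post by also covering .iso/.vhd/.vhdx names, renamed ISO 9660 images and images inside ZIP archives; the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Formats Windows mounts as a drive on double-click. The page names only
# .img; the other extensions are an assumed generalization.
IMAGE_EXTS = (".img", ".iso", ".vhd", ".vhdx")
ISO9660_MAGIC_AT = 0x8001  # "CD001" starts 1 byte into sector 16 (16 * 2048)


def image_reason(name, data=b""):
    """Return why a file looks like a mountable disk image, else None."""
    # Windows ignores trailing dots and spaces in file names, so strip them.
    if name.lower().rstrip(" .").endswith(IMAGE_EXTS):
        return f"disk-image extension: {name}"
    if data[ISO9660_MAGIC_AT:ISO9660_MAGIC_AT + 5] == b"CD001":
        return f"ISO 9660 signature: {name}"
    return None


def triage(raw):
    """Return findings for each attachment, looking one level into ZIPs."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        reason = image_reason(name, data)
        if reason:
            findings.append(reason)
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                inner = [image_reason(n) for n in zf.namelist()]
            findings += [f"inside {name}: {r}" for r in inner if r]
    return findings


def build_sample(filename, payload):
    """Constructed message for testing; addresses and subject are made up."""
    m = EmailMessage()
    m["From"] = "client@example.invalid"
    m["To"] = "studio@example.invalid"
    m["Subject"] = "Project specifications"
    m.set_content("Documents attached.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

A non-empty result from `triage()` is a reason to quarantine the message for review rather than deliver it, since architectural specifications have no need to arrive as a mountable disk image.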