Kaspersky Lab, which specializes in developing systems to protect against cyber threats, reported a fraudulent mailing sent in the name of the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor), which has become widespread in Russia.
In April, Kaspersky Lab uncovered a series of cyber attacks on system administrators of sites in Russia. By April 23, the company detected about 4 thousand emails containing fraudulent messages sent to more than 2 thousand e-mail addresses. The mailing peaked on April 16-17, but the messages are still coming in.
The purpose of the cyber attack is to infect web resources managed by sysadmins and gain access to the site management. If successful, hackers will be able to create pages, post any information and download files.
Posing as a regulatory authority, the intruders send fraudulent notifications telling recipients that they must confirm that they manage the domain name.
The letter contains instructions to create a file with specified content in the root directory of the site. In reality, by following them the sysadmin personally launches a Trojan program that allows remote control of the victim’s computer.
“To confirm that you have the actual ability to manage the domain name, create a file (with the .php extension) in the root directory of the site”, says the text of the fraud letter.
“In order not to give the recipient time to suspect something wrong, he was required to execute the instruction in a short time – within three days”, said Alexander Liskin, head of Kaspersky Lab’s antivirus research laboratory.
“Site administrators are often subjected to attacks, for example, hackers extorted money from them by sending fake notifications about the approaching deadline for completing the site lease. But this time the goal of the attack is to gain access to site management. Attackers are doing everything to convince recipients that the letter is authentic: the sender is listed as a regulatory agency and an appropriate emblem is added to enhance the effect”, said Liskin.
The expert recommended remaining vigilant when receiving messages from unknown senders in emails and messengers, and double-checking information that supposedly comes from official bodies. It is still unknown who was behind the attack; the company’s specialists are investigating the cyberattack.
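Because the lure asks for a .php file to be placed in the site's root directory, an administrator can audit that directory for PHP files that are unexpected or recently changed. The following is an added example, not code from Kaspersky Lab or from the original report; the function names, the baseline allowlist, the 30-day window and the sample file names are assumptions made for illustration.

```python
import os
import tempfile
import time


def audit_webroot(webroot, baseline, window_days=30, now=None):
    """List top-level .php files that are unexpected or recently modified.

    baseline: names of PHP files the site is known to ship in its root
    (a hypothetical allowlist maintained by the administrator).
    """
    now = time.time() if now is None else now
    cutoff = now - window_days * 86400
    findings = []
    with os.scandir(webroot) as entries:
        for entry in entries:
            # Regular files in the root itself only; symlinks are not followed.
            if not entry.is_file(follow_symlinks=False):
                continue
            if not entry.name.lower().endswith(".php"):
                continue
            mtime = entry.stat(follow_symlinks=False).st_mtime
            reasons = []
            if entry.name not in baseline:
                reasons.append("not in baseline")
            if mtime >= cutoff:
                reasons.append("modified within window")
            if reasons:
                findings.append((entry.name, reasons))
    return sorted(findings)


def demo():
    """Run the audit over a constructed webroot with constructed file names."""
    with tempfile.TemporaryDirectory() as root:
        now = time.time()
        samples = (
            ("index.php", now - 400 * 86400),        # long-standing site file
            ("verify-domain.php", now - 86400),      # added yesterday
            ("style.css", now),                      # not PHP, ignored
        )
        for name, mtime in samples:
            path = os.path.join(root, name)
            with open(path, "w") as handle:
                handle.write("constructed sample\n")
            os.utime(path, (mtime, mtime))
        return audit_webroot(root, baseline={"index.php"}, now=now)


if __name__ == "__main__":
    for name, reasons in demo():
        print(name, "->", ", ".join(reasons))
```

Modification times can be reset by whoever writes the file, so the baseline comparison is the stronger of the two signals.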