Cybercriminals use Strela Stealer malware to target victims in Spain, Germany, and Ukraine


Researchers have discovered an ongoing information-stealing campaign by cybercriminals that targets victims across Europe, namely in Spain, Germany, and Ukraine.

Phishing emails masquerading as genuine invoice notifications have been used to infect targets with Strela Stealer malware by the financially motivated gang known as Hive0145.

According to IBM X-Force researchers who examined the most recent campaigns, the group at first relied on phony invoices and receipts sent from fictitious accounts, but recently started using stolen emails from legitimate companies in the financial, technology, manufacturing, media, e-commerce, and other sectors.

The purpose of Strela Stealer is to retrieve user credentials from Mozilla and Microsoft email systems. The malware has been attacking companies in the U.S. and Europe since at least 2022. Hive0145 is thought to be the only group using the tool.

According to researchers, the gang has been experimenting with different methods to strengthen the Strela Stealer infection chain for the past two years, and the number of its attacks has increased.

Hive0145 most likely uses the stolen credentials to trick victims into transferring money or private information over email. The hackers might also sell stolen emails to affiliates to further compromise company email.

Researchers found that, despite changing methods, Strela Stealer’s functionality hasn’t changed much in the last two years. The most recent version of the malware not only targets two email clients but also gathers system data, fetches a list of installed software, and determines the victim’s keyboard language to specifically target users of Spanish, German, Catalan, Polish, Italian, Basque, or Ukrainian.

Researchers have not linked Hive0145 to a particular nation. The government of Ukraine has previously documented a rise in financially driven cyberattacks by unidentified hacking organizations connected to Russia. Similar to Hive0145, those hackers mostly used phishing campaigns to spread malware, frequently utilizing email accounts that had already been hacked.
