Kaspersky exposes Operation Ghoul spear-phishing campaign

The series of attacks have been launched on the industrial and engineering sectors

Kaspersky Labs has uncovered a series of spear-phishing attacks on engineering and industrial firms, which has been dubbed Operation Ghoul because of its association with greed.

Operation Ghoul has so far attacked 130 countries across 30 countries including Spain, Pakistan, United Arab Emirates, India, Egypt, United Kingdom, and Germany.

It uses spear-phishing emails with malicious attachments sent to middle management as its weapon, disguised as emails sent from a bank based in the UAE. When a victim clicked on the attachment, which was usually presented as a SWIFT document, the malware was downloaded onto the computer.

The malware present on the victim's computer is based on the HawkEye commercial spyware, available on the dark web. It can collect a range of different data points from the user's computer including keystrokes, which could allow the hacker to break into accounts, FTP server credentials, account data from browsers, messaging clients, data from email clients and information about installed applications.

Advertisement
Advertisement - Article continues below

This data can then be sent back to the hacker group and used to launch further attacks on the organisations. Members of Operation Ghoul could also sell the information on the dark web, allowing others to benefit from the company's data too.

"[Operation Ghoul's] main motivation is financial gain resulting either from sales of stolen intellectual property and business intelligence or from attacks on their victim's banking accounts," Mohammad Amin Hasbini, security expert at Kaspersky Lab said.

"Unlike state-sponsored actors, which choose targets carefully, this group and similar groups might attack any company. Even though they use rather simple malicious tools, they are very effective in their attacks. Thus companies that are not prepared to spot the attacks, will sadly suffer."

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/business/business-strategy/354304/ex-apple-cpu-architect-accuses-the-firm-of-invading-privacy
Business strategy

Ex-Apple CPU architect accuses the firm of invading privacy

10 Dec 2019
Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019