Kaspersky exposes Operation Ghoul spear-phishing campaign

The series of attacks has been launched on the industrial and engineering sectors

Kaspersky Lab has uncovered a series of spear-phishing attacks on engineering and industrial firms, which has been dubbed Operation Ghoul because of its association with greed.

Operation Ghoul has so far attacked 130 organisations across 30 countries including Spain, Pakistan, the United Arab Emirates, India, Egypt, the United Kingdom, and Germany.

The campaign's weapon is spear-phishing emails with malicious attachments, sent to middle management and disguised as emails from a bank based in the UAE. When a victim clicked on the attachment, which was usually presented as a SWIFT document, the malware was downloaded onto the computer.


The malware present on the victim's computer is based on the HawkEye commercial spyware, available on the dark web. It can collect a range of data from the user's computer, including keystrokes (which could allow the hacker to break into accounts), FTP server credentials, account data from browsers, messaging clients, data from email clients and information about installed applications.

This data can then be sent back to the hacker group and used to launch further attacks on the organisations. Members of Operation Ghoul could also sell the information on the dark web, allowing others to benefit from the company's data too.

"[Operation Ghoul's] main motivation is financial gain resulting either from sales of stolen intellectual property and business intelligence or from attacks on their victim's banking accounts," Mohammad Amin Hasbini, security expert at Kaspersky Lab, said.


"Unlike state-sponsored actors, which choose targets carefully, this group and similar groups might attack any company. Even though they use rather simple malicious tools, they are very effective in their attacks. Thus companies that are not prepared to spot the attacks will sadly suffer."
