A surge in malicious attacks was exposed by researchers yesterday. This series of attacks is particularly worrisome since it is reported to be targeting industrial and engineering companies in 30 countries across the globe.
In this new campaign, nicknamed "Operation Ghoul" by the researchers, the cybercriminals use spear-phishing emails loaded with malicious spyware to steal valuable corporate data.
Spear phishing is a form of targeted email scam aimed specifically at an individual or organization. By sending out carefully crafted emails with identifiable personal data, the attackers make it appear that the messages are coming from legitimate and trusted sources.
If the victim falls for the trap and opens a malicious attachment or link, spying malware and data theft software could then be installed on a machine or a network, leading to more attacks.
Operation Ghoul was first detected in June of this year. Emails that appeared to be sent from a United Arab Emirates bank began appearing in the inboxes of high- and mid-level managers of various companies. The emails appeared to have valid payment information, but they actually contained a malicious SWIFT attachment that installs spying malware on the victim's machine.
The attached malware is said to be derived from the HawkEye set of spyware tools, obtainable from the Dark Web. Once installed, the malware collects vital information such as keystrokes, clipboard data, installed applications, and account data from browsers and email/messaging clients.