Experts from the Solar AURA Center for External Digital Threats of the Solar Group have identified fake emails sent on behalf of Russian government departments that announce “information security lessons” for employees of Russian companies. Instead of real information security specialists, however, it is attackers who then contact the employees and persuade them to hand over confidential company data.
Fake letters on behalf of departments are sent to the heads of Russian companies. The attachment contains an electronic document on the letterhead of a non-existent department, which allegedly notifies of plans to hold consultation conversations with company employees on issues of ensuring information security and personal data protection.
According to the “document”, the content of the conversations is confidential and not subject to disclosure, and the head of the organization who received the letter should warn his subordinates about the upcoming call.
After this, the “prepared” company employees receive calls, not from information security specialists but from attackers. The callers induce employees to hand over confidential information, including details that allow entry into the company’s information infrastructure. Two outcomes are likely: the obtained data is sold on the black market or used directly to carry out an attack.
“Previously, we reported on a scheme where the CEO supposedly writes to employees on a Telegram account and warns them about an upcoming call from the FSB, but in this case the ‘weak link’ is the head of the company himself. If he believes the information contained in the letter and personally warns employees about the future conversation, then the attackers’ chances of success will significantly increase. It’s safe to say that we are observing a new round in the development of social engineering, which is becoming more sophisticated each time and arouses less and less suspicion among victims,” explained Igor Sergienko, director of the Solar AURA external digital threat monitoring center of the Solar Group.
To protect against social engineering, Solar AURA experts recommend the following rules:
- Do not dictate one-time codes or passwords over the phone and do not forward them to anyone.
- Do not provide personal information on suspicious and unofficial websites, as well as in conversations with strangers.
- When receiving a letter to the organization on behalf of government authorities without an electronic signature, you should contact the records management department of this authority to clarify the accuracy of the information.
- Use anti-virus software for additional protection against malware and phishing attacks.