Cisco researchers have discovered that a flurry of cyberattacks has been sweeping across Europe since July 2024. The attacks are based on a new malware, considered "sophisticated" by experts, Tornet. The virus is used as a backdoor to penetrate the computer systems of many European companies.
Phishing and theft of banking data
To spread the malware on the targeted system, hackers rely on phishing attacks. Calibrated to trap employees, phishing emails pretend to come from financial and industrial institutions. As always, identity theft allows cybercriminals to lull their victims' suspicions. This mechanism is also found in most phishing attacks.
In this case, the emails present themselves as "fake money transfer confirmations and fake order receipts". This is ideal for pushing the target to respond urgently, without asking too many questions. These fake documents are sent in an attachment, compressed with GZIP. Compression allows hackers to evade antivirus software.
Through emails, hackers push the target to install the Tornet malware on the company's computer. Once in the system, Tornet will download and install other malware, such as Agent Tesla, a Trojan horse that offers hackers complete remote access. In the process, the hackers deploy Snake Keylogger, a sensitive data stealer designed to exfiltrate identifiers and banking details.
To avoid detection, the attacker temporarily disables the computer's connection before inserting the backdoor. Then, he reconnects the machine. This process allows him to bypass the security mechanisms on the companies' cloud. Finally, the hackers use the backdoor to hide all communications with a remote server.
The cybercriminals, motivated by the lure of profit, are mainly targeting companies located in Germany and Poland for the moment. It is mainly "industrial companies, logistics providers and financial institutions" that interest hackers.
France in the sights of hackers?
As the Cisco report explains, it is possible that France is in the sights of cybercriminals behind these attacks. According to the researchers, this is a "major threat that could now affect France". Indeed, France is "particularly vulnerable" to this wave of cyberattacks.
This new threat is emerging from the shadows as France has become one of the preferred targets of cybercriminals. The countless data leaks of recent years have contributed to putting French companies, and individuals, in the crosshairs of hackers.
In most cases, attacks are based on compromised data upstream. It is thanks to this data, massively shared on black markets, that hackers shape their cyberattacks. This is particularly the case for phishing attacks, the effectiveness of which depends on the quantity of information in the hands of the crooks.
0 Comments