In 2025, there was a surge in the number of incidents where fraudsters attacked Russian organizations through electronic document management systems.
Attackers actively used the Pure, Venom, and Buhtrap Trojans, which were encountered by almost 12,000 corporate users. Kaspersky Lab presented these data at a press conference dedicated to the results of 2025 and forecasts for 2026.
The most common method of penetration was the distribution of the Pure Trojan through targeted mailings with headings imitating accounting documents. The largest number of attacks occurred on companies from manufacturing, retail, consulting, transport and logistics, as well as the IT sector. In the second quarter, almost 5,000 attack attempts were blocked.
Attackers use social engineering methods, sending letters with fake documents via EDI or e-mail. After infecting the device, they can replace the details in the invoices for payment or use the compromised password from the employee's token to access the remote banking system.
