Russian enterprises are being attacked using the BrockenDoor backdoor


Kaspersky Lab identified a new scheme for distributing the BrockenDoor backdoor. Whereas attackers had previously targeted medical institutions, industrial enterprises have now become their focus. Malicious emails are disguised as notices about violations found during pre-trip vehicle technical inspections and drivers' medical examinations. The attachment contains a Trojan that allows the attackers to control the infected computer and collect confidential data.

The attackers claim that signs of an administrative violation were identified at the organization during an inspection. The attachment supposedly contains the inspection report and a form for explanations. The files are placed in a password-protected archive, with the password given in the body of the email. Once installed on the victim's computer, the program connects to the attackers' server and transmits information about the user and the system, as well as a list of files on the desktop. If the attackers find the target of interest, the backdoor then receives commands to carry out further stages of the attack.
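The lure described above pairs a password-protected archive with the password handed out in the mail body, a combination chosen because a mail gateway cannot open the archive to scan it. As an added defensive example (not code from Kaspersky's report), the script below parses a raw .eml, reads the ZIP "encrypted" general-purpose flag of every attachment and checks the body for a password line; the sample message, archive and password regex are constructed placeholders, not artefacts of the real campaign.

```python
import email, io, re, struct, zipfile
from email import policy
from email.message import EmailMessage

# Heuristic (assumed, not from the report): a password-protected ZIP plus a
# password given in the body means the gateway could not inspect the attachment.
PASSWORD_RE = re.compile(r'(?i)(?:пароль|password)\s*[:\-]?\s*\S+')

def is_encrypted_zip(blob: bytes) -> bool:
    # Bit 0 of the general-purpose flag marks an entry as password-protected.
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def flag_email(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=('plain', 'html'))
    text = body.get_content() if body else ''
    encrypted = [part.get_filename() for part in msg.iter_attachments()
                 if is_encrypted_zip(part.get_payload(decode=True) or b'')]
    password = bool(PASSWORD_RE.search(text))
    return {'encrypted_archives': encrypted, 'password_in_body': password,
            'suspicious': bool(encrypted) and password}

# Constructed sample input: a stored ZIP whose 'encrypted' bit is set by hand
# in the local header (offset 6) and central directory (offset 8).
def make_zip(name: str, data: bytes, encrypted: bool) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w', zipfile.ZIP_STORED) as zf:
        zf.writestr(name, data)
    blob = bytearray(buf.getvalue())
    if encrypted:
        cd_offset = struct.unpack('<IHHHHIIH', blob[-22:])[6]  # EOCD record
        blob[6:8] = struct.pack('<H', 0x0001)
        blob[cd_offset + 8:cd_offset + 10] = struct.pack('<H', 0x0001)
    return bytes(blob)

def build_sample_eml(encrypted: bool = True, give_password: bool = True) -> bytes:
    msg = EmailMessage()
    msg['From'] = 'inspection@example.invalid'  # placeholder sender
    msg['To'] = 'fleet@example.invalid'
    msg['Subject'] = 'Violations found during pre-trip technical inspection'
    text = 'Signs of an administrative violation were identified. Report attached.'
    if give_password:
        text += '\nArchive password: 1234'
    msg.set_content(text)
    msg.add_attachment(make_zip('report.docx', b'placeholder', encrypted),
                       maintype='application', subtype='zip',
                       filename='inspection_report.zip')
    return msg.as_bytes()
```

Run `flag_email` over exported .eml files from the gateway quarantine; the benign variants (plain archive, or no password in the body) are not flagged.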

Anna Lazaricheva, a spam analyst at Kaspersky Lab, emphasized the importance of training employees in the basics of cybersecurity and using reliable security solutions. Despite the change in the pretext and targets, the attackers' main techniques have remained the same: they rely on the human factor and carefully disguise emails by using the names of real agencies and email addresses that resemble official ones.