Kaspersky Lab has identified a new attack scheme targeting Russian companies. Attackers send employees emails allegedly from law enforcement agencies, demanding an inspection of automated workstations (AWS) due to a supposed information security incident. The goal is to trick the user into launching malicious software.
The emails contain PDF documents with inspection notices and questionnaires requesting personal data and information about the work device. It may also be suggested to sign a consent form for a "technical investigation." After filling out the documents, the victim is sent a program, which is actually a Trojan.
The documents contain professional terminology and elements of official document management, which makes the attack convincing. Experts warn that such schemes were previously used in phone scams and are now being applied to attacks on organizations. For protection, it is recommended not to open attachments and programs from suspicious emails and to always report such communications to the company's security service.