Cybercriminals attack Russian healthcare organizations

Kaspersky Lab has identified a series of cyberattacks on Russian organizations working in the healthcare sector: the goal of the attackers is to collect financial data.

The cybercriminals are reported to be using CloudMid, a previously unknown piece of malware with spying functionality. The malware is sent by email disguised as a VPN client from a well-known Russian company.

It is important to note that the attacks are targeted. Only a few organizations in certain regions received email messages containing the malware.

The attacks were recorded in the spring and early summer of this year. It is possible that in the near future the attackers will organize a new wave of attacks.


Once installed on a system, CloudMid starts collecting documents stored on the infected computer. As part of this collection, the malware takes screenshots several times a minute.

Kaspersky Lab experts discovered that the attackers collect contracts, referrals for expensive treatment, invoices, and other documents from infected machines that relate in some way to the financial activities of healthcare organizations. This information can later be used to obtain money fraudulently.



Source: 3dnews.ru
