BY: David Bisson
Attackers abused the website of a Ukraine-based accounting software developer to serve banking malware to unsuspecting users.
The attack occurred in August 2017 around the Independence Day holiday in Ukraine. At around that time, unknown individuals hacked the website for Crystal Finance Millennium (CFM), a Ukrainian company which provides accounting software along with other services. Those bad actors subsequently leveraged their unauthorized access to host all kinds of malware, including the Smoke Loader downloader and PSCrypt ransomware.
It’s not clear just how the malefactors compromised CFM’s website. Their method of attack isn’t a new one, however. As Cisco’s Talos researchers explain:
full article here:
Ukrainian Accounting Software Developer’s Website Abused to Push Out Banking Malware
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.