Kaspersky Lab spoke about a surge in attacks on companies in the form of malicious mailing lists allegedly on behalf of various universities, including Russian ones.
According to experts, the attackers’ task is to hide behind the authoritative name of the university, to force the recipient to open the attached file. It contains malware that can infect a corporate device and take control of company computers. If since the beginning of the year, on average, several dozen such messages were recorded per day, then on April 13 there was a surge – about 2 thousand such letters were already detected.
Malicious letters were written, among other things, on behalf of Moscow State University. M. V. Lomonosov, Bucharest University of Romania, RWTH Aachen University of Technology, Aristotle University of Thessaloniki, Ankara University, Autonomous University of Nuevo Leon, Catholic University of Bolivia.
As part of such mailing, the user receives a letter with an attachment – an archive or a familiar office document containing a macro. In the message, the attacker can introduce himself as an employee or contractor of the university and report that he has sent some kind of “offer”, “attached the budget”, or asks to see the order or price list that is in the attachment.
The attachment contains malware that exploits a vulnerability in older versions of programs from the Microsoft Office suite. If a user opens an attachment, it opens the way for malware, which can be used by an attacker to upload any files to the system, upload confidential data from it, in particular passwords, documents, and run any commands for further infection.