Hackers attacked the famous Russian media for the second time

In the spring of 2018, hackers infected Russian-language News sites with the banking Trojan Buhtrap. The virus was spreading through watering-hole attacks.

Criminals hid the virus on the main pages of many Russian-language News sites. Employees of Financial Departments of different organizations have become their victims. The main purpose of cybercriminals was to steal money from the accounts of legal entities.

Experts of Kaspersky Lab reported on the second attack on the website of the famous Russian media. Name of the resource is unknown. Hackers hid malicious code on all pages of the site. It redirects visitors to a landing page with the exploit pack.

Hackers are using new exploits for CVE-2018-8174 vulnerabilities (bug in Internet Explorer) and CVE-2018-8120 (privilege escalation in Windows).

In addition, cyber criminals used obfuscation script. It complicates the processes of analysis and detection of the virus.

Like the last time, hackers used free SSL\TLS certificates "Let's Encrypt".

The researchers concluded that hackers improved the quality of work. For example, hackers for the first time used an exploit for a new vulnerability in Internet Explorer. This increases the chances to infect the victims with the banking Trojan. It's especially dangerous because the famous Russian media with millions of readers will spread the virus.