Cunning, fast, stealthy: new Loki malware attacks Russian enterprises

It not only facilitates leaks of confidential data, but can also destroy all data on the system it lands on

According to Kaspersky Lab experts, the malware attacks Russian enterprises from various fields, from mechanical engineering to medicine. It is unclear which group developed Loki, but it is obvious that its creators used the popular open-source Mythic framework.

Mythic was originally developed as a remote management tool for simulating cyberattacks and assessing system security. It allows you to create agents in any language for any platform with the functionality required by the developer, which is what the attackers took advantage of. They developed a private version of the agent.

Loki reaches the victim's computer by email, and then an inattentive user launches it themselves. Experts came to this conclusion after studying the files in which the malware was found. The files had harmless-looking names such as "estimate_27.05.2024.exe", "For_approval_of_publication_.rar", "LIST_OF_DOCUMENTS.ISO".
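A mail-gateway style check for the attachment types named above, as an added example that is not from the article or from Kaspersky Lab. It flags attachments by extension and also by leading magic bytes, so a renamed executable is still caught; the function names and the sample message are constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension classes matching the lure file types named in the article.
RISKY_EXT = {".exe": "executable", ".rar": "archive", ".iso": "disk image"}

def sniff(data: bytes):
    """Identify content by magic bytes, independent of the file name."""
    if data[:2] == b"MZ":                      # DOS/PE header
        return "executable"
    if data[:6] == b"Rar!\x1a\x07":            # common prefix of RAR4 and RAR5
        return "archive"
    if data[0x8001:0x8006] == b"CD001":        # ISO 9660 volume descriptor
        return "disk image"
    return None

def triage(raw: bytes):
    """Return (filename, reason) for each attachment worth quarantining."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        by_name = RISKY_EXT.get(os.path.splitext(name)[1].lower())
        by_content = sniff(data)
        if by_content and by_content != by_name:
            findings.append((name, f"content is {by_content}, name hides it"))
        elif by_name:
            findings.append((name, f"{by_name} attachment"))
    return findings

def build_sample() -> bytes:
    """Constructed test message; payloads are inert header bytes only."""
    m = EmailMessage()
    m["Subject"] = "Documents for approval"
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m.set_content("See attached.")
    for fname, body in [("estimate_27.05.2024.exe", b"MZ" + bytes(62)),
                        ("report.pdf", b"MZ" + bytes(62)),
                        ("invoice.pdf", b"%PDF-1.7\n")]:
        m.add_attachment(body, maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in triage(build_sample()):
        print(f"{name}: {reason}")
```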

Like many other backdoors, Loki can execute various commands on an infected device. Attackers can download any file from it, as well as upload and run any malicious tool. In some cases, attacks using such backdoors ended not only with the leakage of confidential data, but also with the complete loss of all files stored in the compromised system.
Press service of Kaspersky Lab

To protect corporate infrastructure, Kaspersky Lab experts recommend:

  • regularly update software on all devices so that attackers cannot exploit vulnerabilities and penetrate the corporate network;
  • do not open access to remote desktop services (such as RDP) from the Internet, instead use corporate VPNs, and always use strong passwords for such services;
  • provide cybersecurity staff with access to up-to-date information on the latest tactics, techniques, and procedures of attackers;
  • install a reliable security solution, the effectiveness of which is confirmed by independent testing laboratories;
  • use comprehensive security solutions that will allow you to build a flexible and effective security system;
  • train and instruct your employees on how to ensure the security of the corporate environment.
