Cunning, Fast, Invisible: New Loki Malware Attacks Russian Enterprises

It not only helps leak confidential data, but can also destroy all data in the system it enters

According to Kaspersky Lab experts, the malware attacks Russian enterprises from various fields, from mechanical engineering to medicine. It is unclear which group developed Loki, but it is obvious that its creators used the popular open-source Mythic framework.

Mythic was originally developed as a remote management tool for simulating cyberattacks and assessing system security. It allows you to create agents in any language for any platform with the functionality required by the developer, which is what the attackers took advantage of. They developed a private version of the agent.

Loki reaches the victim's computer via email, and an inattentive user then launches it themselves. Experts came to this conclusion after studying the files in which the malware was found. The files had innocuous-looking names such as "смета_27.05.2024.exe", "На_согласование_публикации_<предприятие>.rar", "ПЕРЕЧЕНЬ_ДОКУМЕНТОВ.ISO".

Like many other backdoors, Loki can execute various commands on an infected device. Attackers can download any file from it, as well as download and run any malicious tool. In some cases, attacks using similar backdoors ended not only in the leakage of confidential data, but also in the complete loss of all files stored in the compromised system.
Press service of Kaspersky Lab

To protect corporate infrastructure, Kaspersky Lab experts recommend:

  • regularly update software on all devices so that attackers cannot exploit vulnerabilities and penetrate the corporate network;
  • do not expose remote desktop services (such as RDP) to the Internet, use corporate VPNs instead, and always use strong passwords for such services;
  • provide cybersecurity staff with access to up-to-date information on the latest tactics, techniques, and procedures of attackers;
  • install a reliable security solution, the effectiveness of which is confirmed by independent testing laboratories;
  • use comprehensive security solutions that will allow you to build a flexible and effective security system;
  • train and instruct your employees on how to ensure the security of the corporate environment.
