Several critical infrastructure organizations in Russia have been targeted by hackers believed to be financially-motivated cybercriminals rather than state-sponsored cyberspies.
An analysis of malicious Word documents led researchers at endpoint security firm Cylance to discover fake websites set up to impersonate the legitimate sites of Russian oil giant Rosneft and two dozen other major Russian companies. The targets included critical infrastructure organizations in sectors such as oil, gas, chemical, and agriculture. The list also included a couple of major financial exchanges based in Russia.
Since many of the targeted organizations are owned by the Russian government, one would expect the fake websites to have been set up by state-sponsored threat actors focusing on espionage. However, a closer analysis revealed that they were actually used by profit-driven cybercriminals for command and control (C&C) purposes.
Source: Security Week