Researchers say they have uncovered an industrial hacking scheme that struck 130 organizations in 30 countries.
Kaspersky Lab, which discovered the scheme, is calling the group “Operation Ghoul.”
According to the security services provider, Operation Ghoul targets bank accounts and intellectual property from primarily small to medium-sized industrial businesses.
The attackers, Kaspersky said, use largely an off-the-shelf, commercial malware program known as Hawkeye that is capable of recording keystrokes, monitoring browser and email data, and stealing FTP server credentials.
Kaspersky noted that more than a quarter of the infected organizations were from Spain and Pakistan. Companies in those countries — along with India, Egypt, and the United Arab Emirates — accounted for more than half of those affected. Kaspersky
Ghoul works through "phishing" emails, which trick victims into downloading malicious software by appearing to be legitimate messages.
“Operation Ghoul is one of the many attacks in the wild targeting industrial, manufacturing and engineering organizations,” wrote Kaspersky in a blog post reporting the attack. “Kaspersky Lab recommends users to be extra cautious while checking and opening emails and attachments.”