Threat actors have leveraged pirated business automation software to compromise businesses across Russia with the RedLine information-stealing malware as part of an attack campaign that has been underway since January, reports The Record, a news site by cybersecurity firm Recorded Future.
Well-known online forums have been leveraged to spread the cracked software, which the threat actors claimed would function only if targets first deactivated their antivirus systems, according to a Kaspersky analysis. Disabling such security systems would then enable stealthy compromise of sensitive information. "The attackers behind this campaign are clearly interested in gaining access to organizations of Russian-speaking entrepreneurs who use software to automate business processes," said researchers, who did not attribute the campaign to a specific malicious actor. The development comes after RedLine had its infrastructure dismantled as part of an international law enforcement operation that followed the arrest and indictment of its suspected developer and administrator, Maxim Rudometov.