XDSpy Group Launches Attacks on Russian Metallurgical and Defense Enterprises

Cybersecurity experts at FACCT have issued a warning about new attacks from the cyber-espionage group XDSpy. Malicious email campaigns from the group were detected on November 21-22, 2023. The attacks targeted a Russian metallurgical company as well as a research institute involved in the development of guided missile weapons.

Details of the Malicious Emails

In both cases, the emails featured the logo of a Russian research institute specializing in the design of nuclear weapons complex facilities in the signature. The sender’s address was listed as belonging to a logistics company based in Kaliningrad. Additionally, another email was discovered that targeted Russian metallurgists, but this time it was sent from a Belarusian address.

Researchers note that this November campaign is generally similar to XDSpy’s previously reported summer attacks. FACCT reminds that most of XDSpy’s targets are located in Russia, including government, military, and financial institutions, as well as energy, research, and mining companies. The hacker group has been active since 2011, but international experts still cannot definitively determine which country’s interests it serves.