Phishing Attacks Target Russian Industrial Companies with HR Recommendation Scam

“Give a Recommendation to a Colleague”: The Phrase That Signals a Factory Cyberattack

Experts from RED Security SOC and CICADA8 have reported on the activities of a hacker group carrying out targeted attacks on Russian companies in the industrial and engineering sectors. The attackers use advanced phishing schemes to steal employee credentials. According to specialists, several major manufacturing organizations have already been affected by these attacks.

How the Attack Works

During the preparation stage, cybercriminals analyze internal personnel changes within companies, finding out who recently left, which department they worked in, and who may have interacted with them. Then, emails are sent to the work addresses of the former colleague’s contacts. In these emails, the attackers pose as HR specialists from the company where the former employee is supposedly applying for a job. The recipient is asked to provide a reference by clicking a link and logging in with their corporate username and password.

The emails contain accurate information about the former employee and are sent only to those who likely worked with them, increasing the level of trust. Once credentials are entered on the phishing site, the information is used in real time to access the company’s IT infrastructure. If the password is entered incorrectly, an error message appears, mimicking the behavior of a legitimate service. This method allows attackers to bypass technical security measures, including two-factor authentication, and gives them the ability to quickly escalate the attack, such as deploying ransomware, before security teams can respond.
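
A defender-side correlation for the real-time credential use described above, as an added example that is not from RED Security SOC or CICADA8: it flags a successful login from an unfamiliar IP shortly after the same user submitted a form to a host outside the approved list. The log layout, host names, IP addresses and the 120-second window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not taken from the reported incidents).
PROXY_LOG = [
    # (timestamp, user, HTTP method, destination host, client IP)
    ("2024-05-14T09:02:11", "a.ivanov", "POST", "hr-reference.example", "10.1.4.23"),
    ("2024-05-14T09:05:40", "m.petrova", "POST", "intranet.corp.example", "10.1.4.57"),
    ("2024-05-14T09:30:00", "s.orlov", "POST", "hr-reference.example", "10.1.4.80"),
]
AUTH_LOG = [
    # (timestamp, user, result, source IP)
    ("2024-05-14T09:02:19", "a.ivanov", "success", "203.0.113.45"),
    ("2024-05-14T09:05:45", "m.petrova", "success", "10.1.4.57"),
    ("2024-05-14T11:00:00", "s.orlov", "success", "198.51.100.7"),
]
# Assumption: hosts that may legitimately receive corporate credentials.
KNOWN_HOSTS = {"intranet.corp.example"}
# Assumption: per-user baseline of source IPs seen in earlier logins.
KNOWN_IPS = {"a.ivanov": {"10.1.4.23"}, "m.petrova": {"10.1.4.57"},
             "s.orlov": {"10.1.4.80"}}
WINDOW = timedelta(seconds=120)  # "real time" relay window, tune per environment


def find_relayed_logins(proxy_log, auth_log, known_hosts, known_ips, window=WINDOW):
    """Pair form submissions to unapproved hosts with a quick login from a new IP."""
    alerts = []
    for p_ts, p_user, method, host, _client_ip in proxy_log:
        if method != "POST" or host in known_hosts:
            continue  # only form submissions to hosts outside the approved list
        submitted = datetime.fromisoformat(p_ts)
        for a_ts, a_user, result, src_ip in auth_log:
            delay = datetime.fromisoformat(a_ts) - submitted
            if (a_user == p_user and result == "success"
                    and src_ip not in known_ips.get(a_user, set())
                    and timedelta(0) <= delay <= window):
                alerts.append({"user": a_user, "phish_host": host,
                               "login_ip": src_ip,
                               "delay_s": int(delay.total_seconds())})
    return alerts


if __name__ == "__main__":
    for alert in find_relayed_logins(PROXY_LOG, AUTH_LOG, KNOWN_HOSTS, KNOWN_IPS):
        print(alert)
```

A hit identifies an account whose active sessions should be revoked immediately, since the login has already passed two-factor authentication.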

Motives and Recommendations

The attacks have been observed exclusively in the industrial sector, suggesting possible politically motivated goals aimed at destabilizing the industry.

The phishing domains used in these attacks were promptly blocked, but there is a risk that copies may appear. As a result, industrial organizations are advised to strengthen their anti-phishing defenses and improve employee cybersecurity awareness.
