XDSPY Group Attacks Russian Organizations with Nuclear Disguise

The XDSPY hacker group, known for its activity since 2011, has conducted cyber attacks on a Russian metallurgical enterprise and a research institute involved in the development and production of controlled missile weapons.

According to the Foundation for Analysis and Counteraction of Terrorism (F.A.C.T.), on November 21-22, 2023, both organizations received phishing emails containing malicious attachments. The email signature in both cases featured the logo of the “nuclear” research institute, while the sender was indicated as a logistics company based in Kaliningrad. In addition, another harmful email, originating from a Belarusian address, was discovered and sent by Russian metallurgists.

The phishing emails contained a file named “Zayavlenye.pdf”. When the file is opened, a virus is activated that collects various information and files from the victim’s computer and transfers them to the attackers.

The XDSPY group specifically targets Russian enterprises in the military, financial, and government sectors, as well as mining, research, and energy organizations, according to experts. Despite the efforts of specialists from various countries, it remains unclear whose interests this hacker group serves.
