Home Cases Spam attack on a manufacturing company
30 December 2020
Spam attack on a manufacturing company

*in order to preserve confidentiality, the name of the company is hidden

CyberSEALs was contacted by one of the largest strategic budget-forming state-owned enterprises with the problem of spam attacks on their mail server

During the investigation (OSINT / underground):

  • the command center is installed (admin panel of the bot)
  • received an OS dump from a hosting provider
  • OS dump analysis performed

Also found:

  • Smokebot is a modular bot that, after loading, performs all tasks and removes itself, that is, it is not installed on the system


  1. STEALER – a module for collecting saved passwords from various programs (browsers, FTP, Mail), all passwords are collected and sent to the control center (bot admin panel)
  2. FORM GRAB is a form grabber that works in real time with all browsers, intercepts all POST requests, authorization forms, payment data, etc.
  3. PASS SNIF is a password sniffer that works in real time with all applications, can intercept passwords, all data is also sent to the admin panel

A person was established, as well as accounts on underground forums, where it was established:

  • forum name
  • registration date
  • number of posts on the forum
  • most posts on the topic: security and hacking
  • date of last visit to the forum

During the analysis of the activity on the forum, it was found that the hacker was looking for a loader to download software that would infect executable files on all disks, flash drives, etc., and after reinstalling the OS without formatting, there was a hope that the bot would launch the loader. The hacker’s budget was $ 3,000

Approach and result

  • check carried out
  • built a blocker model with subsequent verification
  • it is determined that the hacker was a candidate for employment in the client’s company
  • refusal to cooperate with a compromised candidate

Business effect

  • financial risks averted
  • reputational risks are prevented
Related news
The digital footprint: episode 1 “Wolf in sheep’s clothing”
10 August 2021
The digital footprint: episode 1 “Wolf in sheep’s clothing”
Read more
Anti-phishing solution for the bank
30 April 2021
Anti-phishing solution for the bank
Read more

Like many other companies, CyberSEALs uses cookie technology on its websites to improve your user experience, as well as for the proper functioning of the website.

If you agree to the use of all cookies on this site, click the Ok button. To learn more about cookie technology, its benefits and how CyberSEALs uses it, check out our Privacy policy