Russian enterprises using unlicensed business automation software were targeted by a RedLine info-stealer campaign. The attackers distributed pirated software through online forums with RedLine embedded in it, disguised as a licensing tool. Posing as the HPDxLIB activator, the malware replaced the legitimate techsys.dll library so that the info-stealer was executed by the 1cv8.exe process. Victims were also persuaded to disable their security software, which made it easier to steal sensitive data such as credentials, credit card information and crypto-wallets. The incident highlights the risk of using unlicensed software: businesses inadvertently opened their systems to compromise, with potential financial loss and data breaches as a result.
"id": "rus000120924",
"linkid": "russian-business-council",
"type": "Breach",
"date": "12/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"