OREANDA-NEWS. As the national center for responding to computer incidents of the Republic of Belarus CERT.BY reported on Wednesday, the XDSpy hacker group attacks computers in state bodies of Belarus, including the security forces, with the aim of infecting users of the Belarusian segment of the Internet with malicious software through phishing mailings.

Earlier, in early May, CERT.BY reported that a number of computers in government agencies were attacked by malicious software, which makes it possible for attackers to gain access to confidential information. At the end of September, the center announced a "new campaign" for the distribution and infection of malware in the Belarusian segment of the Internet, which also affected law enforcement agencies, government agencies and organizations.

The center reports that a number of phishing mailings were recorded in September as part of a campaign to infect users of the national segment of the Internet with malware. Based on the results of the analysis of data obtained during the study of the affected instances, it can be assumed that the attacks are carried out by the previously unknown government hacker group XDSpy. Its detection was recently reported by ESET at VB2020 localhost.

The first such malicious mailing was recorded in early 2020. Since then, the type of malicious attachment in phishing emails has slightly changed and new functionality has been added to protect against detection on the victim's computer. During the investigation of the incident with phishing mailings, new mailing recipients were identified, as well as signs of letters and infection.