OREANDA-NEWS. A mass mailing of virus-laden letters, purportedly sent on behalf of state institutions, targeted Russian financial institutions and enterprises, the cybersecurity company Group-IB reported.

"Malefactors sent more than 11 thousand letters from fake e-mail addresses of Russian state institutions; all of them contained the RTM Trojan, intended for the theft of money from remote banking services and payment systems. On average, one successful theft of this type brings attackers about 1.1 million rubles," the company said in a statement.

Group-IB said that the mailing continues to this day. According to the company, mass mailings to Russian banks and to industrial and transport companies began on September 11. "The mailing went in 'waves'; the peak fell on September 24 and 27, with 729 and 620 letters respectively," the statement explains. In total, 3.2 thousand letters were sent in September, 2.3 thousand in October, and 4.8 thousand in November. In the first few days of December alone, 784 malicious letters were sent.

The letters were sent from 2.9 thousand different email addresses, but all of these addresses had one thing in common: they were forged to look like the addresses of state institutions, experts say.

According to Group-IB, regional departments of Rospotrebnadzor, Rosselkhoznadzor, Rostekhnadzor, Rosprirodnadzor, the Ministry of Labor and Social Development, UFSIN, the prosecutor's office and the courts were among the state institutions on whose behalf the letters were sent.

"Fake letters that have no relation to the activities of real state and municipal organizations were disguised as official documents, for example, 'payment August - September', 'Copies of documents', 'memo', 'Sending on Thursday', and others," Group-IB specifies. At the same time, the subject of the letters and the sender's address change from mailing to mailing, experts note.

The RTM banking Trojan has been used since 2016 by hackers from the same group. "Among the potential victims of RTM are banks that still ignore setting up protection against targeted attacks by hacking groups, and those that rarely check the current state of their infrastructure to detect suspicious activity within the bank's perimeter," said Nikita Kislitsin, head of the network security department at Group-IB.