{"id":27856,"date":"2022-01-28T16:48:00","date_gmt":"2022-01-28T15:48:00","guid":{"rendered":"https:\/\/perseus.de\/warning-of-malware-attacks-on-german-companies\/"},"modified":"2026-03-31T07:26:44","modified_gmt":"2026-03-31T05:26:44","slug":"warning-of-malware-attacks-on-german-companies","status":"publish","type":"post","link":"https:\/\/perseus.de\/en\/warning-of-malware-attacks-on-german-companies\/","title":{"rendered":"Warning of malware attacks on German companies"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
28.01.2022<\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Warning of malware attacks on German companies\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

In recent days, information has been accumulating that there is an increase in malware attacks on German companies. Furthermore, a research team from the security software manufacturer Kaspersky discovered a dangerous boot kit. This new type of malware still raises questions. We get to the heart of what it is, who is at risk and how you can protect yourself. <\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

German companies increasingly attacked with malware “Hyberbro”<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

In its Cyberbrief 01\/22, the Federal Office for the Protection of the Constitution warns of an ongoing espionage campaign by the APT 27 group.<\/p>

According to the Office for the Protection of the Constitution, the attackers use a Remote Access Trojan (RAT) called “Hyberbro”. A RAT is a malware program that opens a backdoor for administrative control on the targeted system. RATs are usually downloaded in the background by a program that has been called by the user. In the current case, it is suspected that the malware was installed on countless computers by exploiting security vulnerabilities in the password management program AdSelfService Plus1 from the Indian software manufacturer Zoho. The vulnerability in Microsoft Exchange, which became known in March, is also considered an entry gate for “Hyberbro”, as many companies have still not closed the gap. <\/p>

This type of cyberattack focuses primarily on the theft of trade secrets and intellectual property. However, the Office for the Protection of the Constitution does not rule out the possibility that the attackers could also penetrate the networks of customers and service providers via this route and infiltrate several companies at once. <\/p>

For experts: Possible indicators of infection<\/p>

Cyberbrief 01\/22 also contains information on how to detect an infection with “Hyberbro”. Among the indications that indicate a compromise of a system (Indicators of Compromise, IOC) are three IP addresses to which the RAT seeks contact: <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

\"\"<\/p>

<\/p>

Furthermore, certain files, paths or processes can also indicate an infestation. All details can be found in the Cyberbrief 01\/22 of the Federal Office for the Protection of the Constitution<\/a>. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

What you can do<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

We advise admins and IT managers:<\/p>