Game over — hackers are using a spoofed version of Minesweeper to snare victims


Russian hackers are targeting financial institutions in Europe and the United States with a nostalgia-laden gaming lure. 

Two security agencies in Ukraine, CSIRT-NBU and CERT-UA, have warned of a new phishing campaign conducted by a threat actor they track as “UAC-0188”. This group is also known as “FRwL”, which is most likely an abbreviation of “From Russia with Love”, a 1963 James Bond film.

The group is sending phishing emails from “support@patient-docs-mail.com,” pretending to be a medical center. The emails come with the subject line “Personal Web Archive of Medical Documents,” and carry a 33 MB attachment, a .SCR file hosted on Dropbox containing code from a Python clone of the famous Minesweeper Windows game. However, the clone also downloads additional scripts from a remote source which, after a few more steps, end up installing SuperOps RMM.
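As an added illustration (not code from the article or from the agencies it cites), here is a minimal Python mail-triage check that flags the lure traits described above: the sender address, the subject line, and a .scr file that is attached or linked. The `triage` function name, the finding labels and both sample messages are constructed for this example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Indicators quoted in the article.
LURE_SENDER = "support@patient-docs-mail.com"
LURE_SUBJECT = "personal web archive of medical documents"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw_message: str) -> list[str]:
    """Return the lure traits found in one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender == LURE_SENDER:
        hits.append("sender")
    elif sender.endswith("@" + LURE_SENDER.split("@")[1]):
        hits.append("sender-domain")
    # Collapse whitespace so folded or padded subjects still match.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if LURE_SUBJECT in subject:
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower().endswith(".scr"):  # screensaver files are executables
            hits.append("scr-attachment")
        elif part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                u = urlsplit(url.rstrip(".,;)"))
                if u.path.lower().endswith(".scr"):
                    host = (u.hostname or "").lower()
                    on_dropbox = host == "dropbox.com" or host.endswith(".dropbox.com")
                    hits.append("scr-link-dropbox" if on_dropbox else "scr-link")
    return hits

# Constructed sample messages (not real traffic); the URL paths are placeholders.
LURE = (
    'From: "Medical Center" <support@patient-docs-mail.com>\n'
    "Subject: Personal Web Archive of Medical Documents\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "Your documents: https://www.dropbox.com/s/PLACEHOLDER/archive.scr?dl=1\n"
)
BENIGN = (
    "From: colleague@example.org\nSubject: Meeting notes\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "Notes: https://www.dropbox.com/s/PLACEHOLDER/notes.pdf\n"
)

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("benign", BENIGN)):
        print(label, triage(raw))
```

Any single finding is a reason to quarantine and review; the `.scr` checks are the most durable, since sender addresses and subject lines are easy for an attacker to change.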

Abusing SuperOps RMM

SuperOps RMM, short for Remote Monitoring and Management, is a software platform designed to assist managed service providers (MSPs) and IT professionals in managing and monitoring client IT infrastructure remotely. It integrates various tools and functionalities to streamline IT operations, enhance security, and improve efficiency. 

The tool is legitimate, but often abused, similar to what happened to Cobalt Strike. SuperOps RMM grants the attackers remote access to the compromised systems, which they can then use to deploy more serious malware or infostealers, grabbing login credentials, sensitive data, banking information, and more. 

IT admins should monitor their network activity for the presence of SuperOps RMM. If their organization doesn’t usually use the software (or they know it shouldn’t be installed at all), they should treat the activity as a sign of compromise.

There was no word on who the usual targets are, or how many organizations the group managed to compromise.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
