Around 7 am this morning, several Estonian institutions and contacts started receiving e-mails sent in the name of the Rector of Tallinn University of Technology, Tiit Land, requesting a price offer. This is an e-mail scam. Tallinn University of Technology asks everyone not to open the attachment to this e-mail and to delete the e-mails.
It is a spoofing attack, in which a malicious party impersonates the university and the Rector with the aim of causing damage or obtaining money. The university's IT Services department confirms that the Rector's e-mail account has not been hijacked.
An archive file, hinnapakkumine-pdf.zip, containing hinnapakkumine-pdf.exe, is attached to the e-mail. This is malware known as LokiBot, which is used to steal sensitive information such as passwords, cryptocurrency wallets and other credentials.
CERT-EE has already been notified. The sender's IP has been blocked and the e-mails will no longer reach the university's mailboxes. The university's domain computers are in order and none of them is infected; no events indicating malware infection were detected in the firewall logs. External parties may still receive the e-mails, however. The incident is being dealt with.