Spear-phishing emails used to nab data from financial and government bodies.
The hacking group Flea is targeting this year’s G20 Summit in Brisbane, Australia with the intention of stealing sensitive data, according to the security company Symantec.
Malicious emails have been circulating in the run-up to the event, hitting an international economic group and an organisation connected to several monetary authorities.
Symantec said: "The Flea attack group carries out new attacks every four to eight months, suggesting that the group only wishes to steal information over a short amount of time.
"Flea’s attack tools also indicate that the group is not interested in laterally moving across compromised networks to reach other targets."
The hackers use spear-phishing emails with malicious attachments to attack their victims, with the content of the message based on political conferences, nuclear issues or the Olympics.
Once the documents are downloaded, the backdoor Infostealer.Hoardy is dropped onto the system, allowing the hackers to run shell commands and transfer files on and off the infected machine.
"A non-malicious Word document is also opened up on the compromised computer to ensure that the recipient doesn’t suspect that anything is amiss," Symantec added.
Personnel departments are also used as an entry point, with hackers creating phoney job applications for the firms they are looking to infect in order to carry out reconnaissance.
Flea is thought to have been active since 2010, when it was seen targeting the G20 Summit in Seoul, South Korea in similar circumstances.