werewolf
-
BI.ZONE Threat Intelligence continues to monitor the Core Werewolf cluster that has been attacking Russia’s defense industry and critical infrastructure since 2021. In its latest campaigns, the threat actor turned to a new loader written in AutoIt and started delivering malicious files via Telegram (in addition to email).
-
Officials at Arlington, Massachusetts, confirmed the loss of more than $445,000 following a business email compromise attack against the town last year, reports StateScoop.
-
Morphisec Labs has identified a surge in cyber activity associated with the Sticky Werewolf group, a threat actor with suspected geopolitical or hacktivist ties. This elusive group, first detected in April 2023, has expanded its operations from targeting public organizations in Russia and Belarus to hitting various sectors, including pharmaceuticals, research institutes, and most recently,…
-
Sticky Werewolf, a cyber threat group, has shifted its targeting strategy from sending phishing emails with download links to malicious files to using archive attachments containing LNK files, which act as shortcuts to malicious executables hosted on WebDAV servers.
-
A hacker group dubbed Sapphire Werewolf has attacked more than 300 Russian companies over the past three months using the Amethyst infostealer, researchers have found.
-
Cloud Werewolf spearphishes for government employees in Russia and Belarus with fake spa vouchers…
·
Cloud Werewolf leverages topics that appeal to its targets to increase the likelihood that the malicious attachments get opened. The IT infrastructure of government organizations provides ample opportunities for adversaries to exploit even old vulnerabilities. This is just another reminder of how crucial it is to proactively remediate vulnerabilities, especially those used in real…
-
Mysterious Werewolf continues to use phishing emails and CVE-2023-38831 in WinRAR to run malicious code in target systems. The threat actors are experimenting with malicious payloads. Now they have opted for RingSpy, a Python backdoor, to replace the Athena agent (Mythic C2 framework). As before, the cluster abuses legitimate services to communicate with compromised systems.…