Approaching cyclone: Vortex Werewolf attacks Russia


In December 2025 and January 2026, BI.ZONE Threat Intelligence detected malicious activity by a new cluster, Vortex Werewolf (SkyCloak). The attacks targeted Russian government and defense organizations.

BI.ZONE researchers' findings indicate that the adversary used phishing emails to deliver malware to the target systems. Victims received messages containing a download link disguised as a Telegram file-sharing URL. Clicking the link triggered the download of two archives: one with a malicious LNK file and another with multiple files, including a PowerShell script. A successful compromise resulted in the installation of Tor and OpenSSH, as well as the configuration of Tor-enabled remote access over the RDP, SMB, SFTP, and SSH protocols.
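As an added illustration of how a defender might surface the chain described above (this is not code from the BI.ZONE report, nor a detection rule of theirs), the following Python correlates process-creation events per host: PowerShell launched from explorer.exe (how an LNK launch typically appears), followed within a short window by tor.exe and OpenSSH's sshd.exe. The hostnames, timestamps and command lines are constructed Sysmon-style samples.

```python
"""Host-level correlation for an LNK -> PowerShell -> Tor + OpenSSH chain.
Constructed sample events, not data from the BI.ZONE report."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, host, parent image, image, command line)
EVENTS = [
    ("2026-01-12T09:01:05", "ws-17", "explorer.exe", "powershell.exe", "powershell -f run.ps1"),
    ("2026-01-12T09:01:40", "ws-17", "powershell.exe", "tor.exe", "tor.exe -f torrc"),
    ("2026-01-12T09:02:10", "ws-17", "powershell.exe", "sshd.exe", "sshd.exe -f sshd_config"),
    # Benign-looking host: PowerShell from the shell and a Tor service, but no OpenSSH daemon
    ("2026-01-12T10:00:00", "ws-22", "explorer.exe", "powershell.exe", "powershell -f build.ps1"),
    ("2026-01-12T10:30:00", "ws-22", "services.exe", "tor.exe", "tor.exe"),
]

# Chain stages in the order the report describes them; stage 0 anchors the window.
STAGES = [
    ("powershell_from_shell", lambda e: e["image"] == "powershell.exe" and e["parent"] == "explorer.exe"),
    ("tor_started", lambda e: e["image"] == "tor.exe"),
    ("openssh_started", lambda e: e["image"] == "sshd.exe"),
]

def parse(raw):
    ts, host, parent, image, cmd = raw
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "parent": parent.lower(), "image": image.lower(), "cmd": cmd}

def correlate(raw_events, window=timedelta(minutes=30)):
    """Return {host: anchor timestamp} for hosts where every stage appears
    after a PowerShell-from-shell event and within `window` of it."""
    by_host = defaultdict(list)
    for e in map(parse, raw_events):
        by_host[e["host"]].append(e)
    alerts = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            if not STAGES[0][1](start):
                continue  # only a shell-launched PowerShell can anchor the chain
            seen = {STAGES[0][0]}
            for e in evs[i + 1:]:
                if e["ts"] - start["ts"] > window:
                    break  # later events fall outside the correlation window
                seen.update(name for name, pred in STAGES[1:] if pred(e))
            if len(seen) == len(STAGES):
                alerts[host] = start["ts"].isoformat()
                break
    return alerts

if __name__ == "__main__":
    print(correlate(EVENTS))  # {'ws-17': '2026-01-12T09:01:05'}
```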

Source: BI.ZONE

