Approaching cyclone: Vortex Werewolf attacks Russia


In December 2025 and January 2026, BI.ZONE Threat Intelligence detected malicious activity by a new cluster Vortex Werewolf (SkyCloak). The attacks targeted Russian government and defense organizations.

BI.ZONE researchers findings indicate that the adversary used phishing emails to deliver malware to the target systems. Victims received messages containing a download link disguised as a Telegram file‑sharing URL. Clicking the link triggered the download of two archives—one with a malicious LNK file and another with multiple files, including a PowerShell script. A successful compromise resulted in the installation of Tor and OpenSSH, as well as the configuration of Tor‑enabled remote access over the RDP, SMB, SFTP, and SSH protocols.

Read more…
Source: BI.ZONE


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • NSA Advocates Data Sharing Framework

    June 23, 2017

    The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. “We need to conduct defenses in a way that ...