Mysterious Werewolf hits defense industry with new RingSpy backdoor

The criminal group gains initial access through phishing emails with a compressed executable that unleashes RingSpy, an original remote access backdoor

The BI.ZONE Threat Intelligence team has detected a new campaign by Mysterious Werewolf, a cluster that has been active since at least 2023. This time, the adversaries are targeting defense enterprises. To achieve their goals, they use phishing emails with an archive attached. The archive contains a legitimate PDF document and a malicious CMD file. Once the document is extracted and double‑clicked, an exploit launches the CMD file to deliver the RingSpy backdoor to the compromised system.

Source: BI.ZONE