Since March 2024, the BI.ZONE Threat Intelligence team has been tracking the cluster of activity dubbed Sapphire Werewolf.
The threat actor targets Russia’s industries, such as education, manufacturing, IT, defense, and aerospace engineering. Over 300 attacks were carried out using Amethyst, an offshoot of the popular open‑source SapphireStealer. The attackers disguise the malware as an enforcement order, a Central Election Committee leaflet, and even as a decree from the President of Russia.
Read more…
Source: BI.ZONE
Related:
- Fake video conferencing apps are targeting Web3 workers to steal their data
December 9, 2024
Researchers are warning of a new “fake job” hacking campaign that targets primarily people working in the Web3 (blockchain) industry. Experts at Cado Security Labs revealed the campaign started in September 2024, aiming to trick people into downloading infostealing malware to their devices, both for Windows and macOS. In some examples observed by the researchers, the ...
- MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
December 5, 2024
Trend Micro researchers have been continuously monitoring the MOONSHINE exploit kit’s activity since 2019. During our research, they discovered a MOONSHINE exploit kit server with improper operational security: Its server exposed MOONSHINE’s toolkits and operation logs, which revealed the information of possible victims and the attack tactics of a threat actor we have named Earth ...
- INTERPOL campaign warns against cyber and financial crimes
December 3, 2024
INTERPOL has launched a campaign to raise awareness on the growing threat of cyber and financial crimes against vulnerable individuals and organizations. The Think Twice campaign, which includes a series of short videos, focuses on five rising online threats: ransomware attacks, malware attacks, phishing, generative AI scams, and romance baiting. These sophisticated scams have seen a ...
- Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT
December 2, 2024
Recent months have seen a surge in mailings with lookalike email attachments in the form of a ZIP archive containing JScript scripts. The script files – disguised as requests and bids from potential customers or partners – bear names such as “Запрос цены и предложения от Индивидуального предпринимателя <ФИО> на август 2024. According to Kaspersky telemetry, ...
- Shin Bet finds 200 Iranian cyberattacks on Israeli personalities
December 2, 2024
In recent months, the Shin Bet (Israel Security Agency) has uncovered some 200 efforts made by Iranian hackers to target Israeli civilians, the Shin Bet stated on Monday. The hacking was conducted via phishing attempts against various individuals, including Israeli politicians, academics, and media personalities, the security agency added. The hackers reportedly looked to gain access ...
- INTERPOL financial crime operation makes record 5,500 arrests, seizures worth over USD 400 million
November 27, 2024
LYON, France – A global operation involving law enforcement from 40 countries, territories and regions has ended with the arrest of over 5,500 financial crime suspects and the seizure of more than USD 400 million in virtual assets and government-backed currencies. The five-month Operation HAECHI V (July – November 2024) targeted seven types of cyber-enabled frauds: ...