Sapphire Werewolf polishes Amethyst stealer to attack over 300 companies


Since March 2024, the BI.ZONE Threat Intelligence team has been tracking the cluster of activity dubbed Sapphire Werewolf.

The threat actor targets Russia’s industries, such as education, manufacturing, IT, defense, and aerospace engineering. Over 300 attacks were carried out using Amethyst, an offshoot of the popular open‑source SapphireStealer. The attackers disguise the malware as an enforcement order, a Central Election Committee leaflet, and even as a decree from the President of Russia.

Read more…
Source: BI.ZONE


Sign up for our Newsletter


Related:

  • Emotet botnet starts blasting malware again after 5 month break

    November 2, 2022

    The Emotet malware operation is again spamming malicious emails after almost a five-month “vacation” that saw little activity from the notorious cybercrime operation. Emotet is a malware infection distributed through phishing campaigns containing malicious Excel or Word documents. When users open these documents and enable macros, the Emotet DLL will be downloaded and loaded into memory. Once ...

  • CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication

    October 31, 2022

    CISA has released two fact sheets to highlight threats against accounts and systems using certain forms of multifactor authentication (MFA). CISA strongly urges all organizations to implement phishing-resistant MFA to protect against phishing and other known cyber threats. If an organization using mobile push-notification-based MFA is unable to implement phishing-resistant MFA, CISA recommends using number ...

  • DHL named most-spoofed brand in phishing

    October 24, 2022

    DHL is the most spoofed brand when it comes to phishing emails, according to Check Point. Crooks most frequently used the brand name in their attempts to steal personal and payment information from marks between July and September 2022, with the shipping giant accounting for 22 percent of all worldwide phishing attempts intercepted by the cybersecurity ...

  • Phishing works so well crims won’t bother with deepfakes, says Sophos chap

    October 17, 2022

    Panic over the risk of deepfake scams is completely overblown, according to a senior security adviser for UK-based infosec company Sophos. “The thing with deepfakes is that we aren’t seeing a lot of it,” Sophos researcher John Shier told El Reg last week. Shier said current deepfakes – AI generated videos that mimic humans – aren’t the ...

  • New PHP information-stealing malware targets Facebook accounts

    October 16, 2022

    A new Ducktail phishing campaign is spreading a never-before-seen Windows information-stealing malware written in PHP used to steal Facebook accounts, browser data, and cryptocurrency wallets. Ducktail phishing campaigns were first revealed by researchers from WithSecure in July 2022, who linked the attacks to Vietnamese hackers. Those campaigns relied on social engineering attacks through LinkedIn, pushing .NET Core ...

  • Gamaredon APT targets Ukrainian government agencies in new campaign

    September 15, 2022

    Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives. The campaign, part of an ongoing espionage operation observed as recently as August 2022, aims to deliver information-stealing malware to Ukrainian victim machines and makes heavy use of multiple modular PowerShell and VBScript (VBS) scripts as part ...