Sapphire Werewolf polishes Amethyst stealer to attack over 300 companies


Since March 2024, the BI.ZONE Threat Intelligence team has been tracking the cluster of activity dubbed Sapphire Werewolf.

The threat actor targets Russia’s industries, such as education, manufacturing, IT, defense, and aerospace engineering. Over 300 attacks were carried out using Amethyst, an offshoot of the popular open‑source SapphireStealer. The attackers disguise the malware as an enforcement order, a Central Election Committee leaflet, and even as a decree from the President of Russia.

Read more…
Source: BI.ZONE


Sign up for our Newsletter


Related:

  • Criminals exploiting cost of living crisis with energy rebate scam emails

    September 7, 2022

    Criminals are cashing in on the energy crisis by offering bogus rebates to try and trick victims into handing over bank account details. Police say in the past fortnight they’ve had nearly 1,600 reports of suspicious emails with links to malicious websites designed to steal personal and financial information. The scam emails pretend to be from the ...

  • China-linked APT40 gang targets wind farms, Australian government

    August 31, 2022

    Researchers at security company Proofpoint and PricewaterhouseCoopers (PWC) said on Tuesday they had identified a cyber espionage campaign that delivers the ScanBox exploitation framework through a malicious fake Australian news site. The campaign, active from April to June of this year, targeted Australian government agencies, Australian media companies and manufacturers who conduct maintenance on wind turbine ...

  • PyPI warns of first-ever phishing campaign against its users

    August 26, 2022

    The Python Package Index, better known among developers as PyPI, has issued a warning about a phishing attack targeting developers who use the service. The community-run organization said this is the first known phishing attack against PyPI users. And the attack has unfortunately been somewhat successful, resulting in the compromise of some users’ accounts. PyPI is an ...

  • Cyber criminals are launching phishing attacks on LinkedIn

    August 25, 2022

    Regular users of LinkedIn, the professional networking and social working platform, have noticed an increase of threat actors trying to steal critical personal information through phishing attacks. These cyber criminals are using false LinkedIn accounts to trick unsuspecting victims into giving up confidential information. How are they doing it? Threat actors start by creating fraudulent LinkedIn ...

  • Legitimate SaaS Platforms Being Used to Host Phishing Attacks

    August 23, 2022

    Instead of creating phishing pages from scratch, more and more cybercriminals are now abusing legitimate software-as-a-service (SaaS) platforms, including various website builders or form builders, to host their phishing pages. Since these URLs are hosted on legitimate domains, they can be especially difficult for many phishing detection engines to detect. Furthermore, these platforms typically require ...

  • Disrupting SEABORGIUM’s ongoing phishing operations

    August 15, 2022

    The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM, an actor Microsoft has tracked since 2017. SEABORGIUM is a threat actor that originates from Russia, with objectives and victimology that align closely with Russian state interests. Its campaigns involve persistent phishing and credential theft campaigns leading to ...