Scaly Wolf’s new loader: the right tool for the wrong job


The BI.ZONE Threat Intelligence team has uncovered a fresh campaign by the group targeting Russian and Belarusian organizations.

The threat actors are distributing phishing emails under the guise of a federal agency. The emails have a legitimate document as an attachment. It aims to lull the recipient’s vigilance and prompt them to open the other file, a password‑protected archive.

Read more…
Source: BI.ZONE


Sign up for our Newsletter


Related:

  • Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

    September 5, 2024

    The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm ...

  • Tropic Trooper spies on government entities in the Middle East

    September 5, 2024

    Tropic Trooper (also known as KeyBoy and Pirate Panda) is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong. Kaspersky recent investigation has revealed that in 2024 they conducted persistent campaigns targeting a government entity in the Middle ...

  • Amsterdam municipality bans Telegram on work phones over security concerns

    August 19, 2024

    The municipality of Amsterdam has banned its civil servants from using the messaging app Telegram on their work phones due to concerns over criminal activity and potential espionage, local media reported on Monday. The ban, which was implemented at the end of April but only recently made public, is attributed to fears that Telegram could be ...

  • Tusk: unraveling a complex infostealer campaign

    August 15, 2024

    Kaspersky Global Emergency Response Team (GERT) has identified a complex campaign, consisting of multiple sub-campaigns orchestrated by Russian-speaking cybercriminals. The sub-campaigns imitate legitimate projects, slightly modifying names and branding and using multiple social media accounts to increase their credibility. In their analysis GERT researchers observed that all the active sub-campaigns host the initial downloader on Dropbox. ...

  • EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

    August 14, 2024

    In late July 2024, we detected a series of ongoing targeted cyberattacks on dozens of computers at Russian government organizations and IT companies. The threat actors infected devices using phishing emails with malicious shortcut attachments. These shortcuts were used to deliver malware that received commands via the Dropbox cloud service. Attackers used this malware to download ...

  • Turkish intelligence dismantles global cyber espionage network

    August 13, 2024

    The Turkish National Intelligence Organization (MIT) has successfully dismantled a global cyber espionage network that had stolen personal data from thousands of individuals worldwide, including in Türkiye. In a coordinated effort with the Turkish Gendarmerie General Command and the National Cyber Incident Response Center (USOM), MIT carried out the operation as part of an investigation led ...