Librarian Ghouls, also known as “Rare Werewolf” and “Rezet”, is an APT group that targets entities in Russia and the CIS.
The group has remained active through May 2025, consistently targeting Russian companies. A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries. The malicious functionality of the campaign described in this article is implemented through command files and PowerShell scripts. The attackers establish remote access to the victim’s device, steal credentials, and deploy an XMRig crypto miner in the system. Kaspersky research has uncovered new tools within this APT group’s arsenal, which they will elaborate on in this article.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Night Sky is the latest ransomware targeting corporate networks
January 6, 2022
It’s a new year, and with it comes a new ransomware to keep an eye on called ‘Night Sky’ that targets corporate networks and steals data in double-extortion attacks. According to MalwareHunterteam, who first spotted the new ransomware, the Night Sky operation started on December 27th and has since published the data of two victims. One of ...
- Hackers are sending malicious links through Google Doc comment emails
January 6, 2022
Research from cybersecurity company Avanan has shown that hackers are increasingly using Google Docs’ productivity features to slip malicious content past spam filters and security tools. Avanan’s Jeremy Fuchs said that in December, the company saw cyberattackers using the comment feature in Google Docs and Google Slides to leverage attacks against Outlook users. “In this attack, hackers ...
- JFrog researchers find JNDI vulnerability in H2 database consoles similar to log4shell
January 6, 2022
Security researchers from JFrog said on Thursday that they discovered a critical JNDI-based vulnerability in the H2 database console exploiting a root cause similar to Log4Shell. The CVE hasn’t been posted by NIST but will be assigned CVE-2021-42392. In a blog post, the company said that CVE-2021-42392 should not be as widespread as Log4Shell even though ...
- Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying
January 6, 2022
In the world of mobile malware, simply shutting down a device can often wipe out any bad code, given that persistence after rebooting is a challenge for traditional malicious activity. But a new iPhone technique can hijack and prevent any shut-down process that a user initiates, simulating a real power-off while allowing malware to remain ...
- Purple Fox rootkit discovered in malicious Telegram installers
January 5, 2022
Researchers have warned that the Purple Fox rootkit is now being distributed through malicious, fake Telegram installers online. This week, the Minerva Labs cybersecurity team, working with MalwareHunterTeam, said that Purple Fox is being disguised through a file named “Telegram Desktop.exe.” Those that believe they are installing the popular messaging service are, instead, becoming laden with ...
- Log4j flaw attack levels remain high, Microsoft warns
January 4, 2022
Microsoft has warned Windows and Azure customers to remain vigilant after observing state-sponsored and cyber-criminal attackers probing systems for the Log4j ‘Log4Shell’ flaw through December. Disclosed by the Apache Software Foundation on December 9, Log4Shell will likely take years to remediate because of how widely the error-logging software component is used in applications and services. Microsoft warns ...