Librarian Ghouls, also known as “Rare Werewolf” and “Rezet”, is an APT group that targets entities in Russia and the CIS.
The group has remained active through May 2025, consistently targeting Russian companies. A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries. The malicious functionality of the campaign described in this article is implemented through command files and PowerShell scripts. The attackers establish remote access to the victim’s device, steal credentials, and deploy an XMRig crypto miner in the system. Kaspersky research has uncovered new tools within this APT group’s arsenal, which they will elaborate on in this article.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- ‘DeadRinger’ Targeted Exchange Servers Long Before Discovery
August 4, 2021
Threat actors linked to China exploited the notorious Microsoft Exchange ProxyLogon vulnerabilities long before they were publicly disclosed, in attacks against telecommunications companies aimed at stealing sensitive customer data and maintaining network persistence, researchers have found. Researchers from Cybereason have been tracking multiple cyberespionage campaigns – collectively dubbed “DeadRinger” – since 2017, reporting initially on findings ...
- The Pentagon says its new AI can see events ‘days in advance’
August 4, 2021
The US military is testing the use of cutting-edge data gathering tools combined with artificial intelligence to predict enemies’ next moves with up to days of advance. Speaking at a press conference, the commander of the US Northern Command (NORTHCOM) Glen VanHerck revealed that trials have been on-going to improve the military’s use of data when ...
- NSA, CISA release Kubernetes Hardening Guidance
August 3, 2021
FORT MEADE, Md. – The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance,” today. This report details threats to Kubernetes environments and provides configuration guidance to minimize risk. Kubernetes is an open source system that automates the deployment, scaling, and management of applications run ...
- PwnedPiper critical bug set impacts major hospitals in North America
August 2, 2021
Pneumatic tube system (PTS) stations used in thousands of hospitals worldwide are vulnerable to a set of nine critical security issues collectively referred to as PwnedPiper. PTS solutions are part of a hospital’s critical infrastructure as they are used to quickly deliver items like blood, tissue, lab samples, or medication to where they’re needed. Read more… Source: Bleeping ...
- DarkSide ransomware gang returns as new BlackMatter operation
July 31, 2021
Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities. After conducting an attack on Colonial Pipeline, the US’s largest fuel pipeline, and causing fuel shortages in the southeast of the USA, the DarkSide ransomware group faced ...
- Here’s 30 servers Russian intelligence uses to fling malware at the West, beams RiskIQ
July 30, 2021
Details of 30 servers thought to be used by Russia’s SVR spy agency (aka APT29) as part of its ongoing campaigns to steal Western intellectual property were made public today by RiskIQ. Russia’s Foreign Intelligence Service “is actively serving malware (WellMess, WellMail) previously used in espionage campaigns targeting COVID-19 research in the UK, US, and Canada,” ...