Librarian Ghouls, also known as “Rare Werewolf” and “Rezet”, is an APT group that targets entities in Russia and the CIS.
The group has remained active through May 2025, consistently targeting Russian companies. A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries. The malicious functionality of the campaign described in this article is implemented through command files and PowerShell scripts. The attackers establish remote access to the victim’s device, steal credentials, and deploy an XMRig crypto miner in the system. Kaspersky research has uncovered new tools within this APT group’s arsenal, which they will elaborate on in this article.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- SAP Bugs Under Active Cyberattack, Causing Widespread Compromise
April 6, 2021
Active cyberattacks on known vulnerabilities in SAP systems could lead to full control of unsecured SAP applications, researchers are warning. Adversaries are carrying out a range of attacks, according to an alert from SAP and security firm Onapsis issued Tuesday – including theft of sensitive data, financial fraud, disruption of mission-critical business processes and other operational ...
- The leap of a Cycldek-related threat actor
April 5, 2021
In the nebula of Chinese-speaking threat actors, it is quite common to see tools and methodologies being shared. One such example of this is the infamous “DLL side-loading triad”: a legitimate executable, a malicious DLL to be sideloaded by it, and an encoded payload, generally dropped from a self-extracting archive. Initially considered to be the ...
- Industrial IoT Needs to Catch Up to Consumer IoT
April 5, 2021
When it comes to cybersecurity, industrial IT—consisting mainly of operational technology (OT) and industrial control systems (ICS)—has failed to keep up with development in the enterprise IT world. That’s mostly because industries’ adoption of internet technology has been slower when compared with enterprises. It would take some time to close the gap, but concerted efforts have ...
- 2020 Phishing Trends With PDF Files
April 5, 2021
From 2019-20, we noticed a dramatic 1,160% increase in malicious PDF files – from 411,800 malicious files to 5,224,056. PDF files are an enticing phishing vector as they are cross-platform and allow attackers to engage with users, making their schemes more believable as opposed to a text-based email with just a plain link. To lure users ...
- Ransomware gang leaks data from Stanford, Maryland universities
April 3, 2021
Personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California was leaked online by the Clop ransomware group. The threat actors obtained the documents after hacking the universities’ Accellion File Transfer Appliance (FTA) software used to share and store sensitive information. Data stolen in the attack targeting Stanford Medicine’s ...
- FBI: APTs Actively Exploiting Fortinet VPN Security Holes
April 3, 2021
The FBI and the Cybersecurity and Infrastructure Security Agency are warning that advanced persistent threat (APT) nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system, affecting the company’s SSL VPN products. According to an alert issued Friday by the FBI and CISA, cyberattackers are scanning devices on ports 4443, 8443 ...