Librarian Ghouls, also known as “Rare Werewolf” and “Rezet”, is an APT group that targets entities in Russia and the CIS.
The group has remained active through May 2025, consistently targeting Russian companies. A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries. The malicious functionality of the campaign described in this article is implemented through command files and PowerShell scripts. The attackers establish remote access to the victim’s device, steal credentials, and deploy an XMRig crypto miner in the system. Kaspersky research has uncovered new tools within this APT group’s arsenal, which they will elaborate on in this article.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- GandCrab ransomware distributor arrested in Belarus
August 3, 2020
In a press release last week, the Minister of Internal Affairs of Belarus announced the arrest of a 31-year-old man on charges of distributing the GandCrab ransomware. The man, whose name was not released, was arrested in Gomel, a small city in southeastern Belarus, at the intersection with the Russian and Ukraine border. Authorities said the man ...
- FBI sees surge in online shopping scams, FTC says most reports ever
August 3, 2020
The U.S. Federal Bureau of Investigation (FBI) today warned of an increased number of reports coming from victims of online shopping scams. The public service announcement, published on the agency’s Internet Crime Complaint Center (IC3), says that the scam victims report that they found the scammers’ websites either via direct searches on popular web search engines ...
- Take a “NetWalk” on the Wild Side
August 3, 2020
The NetWalker ransomware, initially known as Mailto, was first detected in August 2019. Since then, new variants were discovered throughout 2019 and the beginning of 2020, with a strong uptick noticed in March of this year. NetWalker has noticeably evolved to a more stable and robust ransomware-as-a-service (RaaS) model, and our research suggests that the malware ...
- Google: Eleven zero-days detected in the wild in the first half of 2020
August 3, 2020
According to data collected by Google’s Project Zero security team, there have been 11 zero-day vulnerabilities exploited in the wild in the first half of the year. The current number puts 2020 on track to have just as many zero-days as 2019 when Google security researchers said they tracked 20 zero-days all of last year. Details about ...
- How the FBI tracked down the Twitter hackers
August 1, 2020
After earlier today US law enforcement charged three individuals for the recent Twitter hack, with the help of court documents released by the DOJ, ZDNet was able to piece together a timeline of the hack, and how US investigators tracked down the three suspected hackers. The article below uses data from three indictments published today by the ...
- WastedLocker: technical analysis
July 31, 2020
The use of crypto-ransomware in targeted attacks has become an ordinary occurrence lately: new incidents are being reported every month, sometimes even more often. On July 23, Garmin, a major manufacturer of navigation equipment and smart devices, including smart watches and bracelets, experienced a massive service outage. As confirmed by an official statement later, the cause ...