Sleep with one eye open: how Librarian Ghouls steal data by night


Librarian Ghouls, also known as “Rare Werewolf” and “Rezet”, is an APT group that targets entities in Russia and the CIS.

The group has remained active through May 2025, consistently targeting Russian companies. A distinctive feature of this threat is that the attackers favor legitimate third-party software over developing their own malicious binaries. The malicious functionality of the campaign described in this article is implemented through command files and PowerShell scripts. The attackers establish remote access to the victim’s device, steal credentials, and deploy an XMRig crypto miner on the system. Kaspersky researchers have uncovered new tools in this APT group’s arsenal, which they elaborate on in the full article.

Read more…
Source: Kaspersky



