Librarian Ghouls, also known as “Rare Werewolf” and “Rezet”, is an APT group that targets entities in Russia and the CIS.
The group has remained active through May 2025, consistently targeting Russian companies. A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries. The malicious functionality of the campaign described in this article is implemented through command files and PowerShell scripts. The attackers establish remote access to the victim’s device, steal credentials, and deploy an XMRig crypto miner in the system. Kaspersky research has uncovered new tools within this APT group’s arsenal, which they will elaborate on in this article.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Triton Malware Targets Industrial Control Systems in Middle East
December 15, 2017
Researchers found malware called Triton on the industrial control systems of a company located in the Middle East. Attackers planted Triton, also called Trisis, with the intent of carrying out a “high-impact attack” against an unnamed company with the goal of causing physical damage, researchers said. FireEye’s Mandiant threat research team revealed the existence of the malware ...
- 19-Year-Old TLS Vulnerability Weakens Modern Website Crypto
December 13, 2017
A vulnerability called ROBOT, first identified in 1998, has resurfaced. Impacted are leading websites ranging from Facebook to Paypal, which are vulnerable to attackers that could decrypt encrypted data and sign communications using the sites’ own private encryption key. The vulnerability is found in the transport layer security protocol used for Web encryption. A successful attack could ...
- Why bother cracking PCs? Spot o’ malware on PLCs… Done. Industrial control network pwned
December 12, 2017
Security researchers have demonstrated a new technique for hacking air-gapped industrial control system networks, and hope their work will encourage the development of more robust defences for SCADA-based systems. Air-gapped industrial networks are thought to be difficult if not impossible to hack partly because they are isolated from the internet and corporate IT networks. However, in ...
- Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions
December 7, 2017
A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Windows function and an undocumented implementation of Windows process loader. Ensilo security researchers Tal Liberman and Eugene Kogan, who ...
- Hackers are scanning computers worldwide for open Bitcoin and Ethereum wallets…
November 27, 2017
Security researcher Didier Stevens setup a trap, or in digital security terms – a “honeypot”. Think of it as digital sting operation, where someone puts a server online open to attack – but nothing of value is really there, it’s only there to record the attacks as they happen. The logs of these honeypots revealed hackers ...
- New Mirai Variant Found Spreading like Wildfire
November 23, 2017
A security researcher reportedly discovered a new variant of Mirai (identified by Trend Micro as ELF_MIRAI family) that is quickly spreading. A notable increase in traffic on port 2323 and 23 was observed over the weekend, with around 100 thousand unique scanner IPs coming from Argentina. The release of the Proof-of-Concept (PoC) exploit code in a public vulnerabilities database was ...