Squid Werewolf cyber spies masquerade as recruiters


Espionage activity clusters may pose as recruiters to distribute phishing emails, targeting key employees in organizations of interest. In December 2024, the BI.ZONE Threat Intelligence team uncovered a peculiar phishing campaign aimed at luring victims with fake job opportunities at an industrial organization.

A detailed analysis revealed that the attack had been carried out by Squid Werewolf (APT37, Ricochet Chollima, ScarCruft, Reaper Group). The attack would begin with a phishing email, which the adversaries disguised as a job offer from a United Industrial Complex HR representative. The attachment comprised a password‑protected file Предложение о работе.zip, with the password provided in the email. The ZIP archive included an LNK file Предложение о работе.pdf.lnk which, once opened, executed the following command:

Read more…
Source: BI.ZONE Threat Intelligence


Sign up for our Newsletter


Related:

  • NSA Advocates Data Sharing Framework

    June 23, 2017

    The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. “We need to conduct defenses in a way that ...