Stan Ghouls (also known as Bloody Wolf) is an cybercriminal group that has been launching targeted attacks against organizations in Russia, Kyrgyzstan, Kazakhstan, and Uzbekistan since at least 2023.
These attackers primarily have their sights set on the manufacturing, finance, and IT sectors. Their campaigns are meticulously prepared and tailored to specific victims, featuring a signature toolkit of custom Java-based malware loaders and a sprawling infrastructure with resources dedicated to specific campaigns.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Five years after the Equation Group HDD hacks, firmware security still sucks
February 18, 2020
In a report published today, Eclypsium, a cyber-security firm specialized in firmware security, says that the issue of unsigned firmware is still a widespread problem among device and peripheral manufactures. According to researchers, many device makers still don’t sign the firmware they ship for their components. Furthermore, even if they sign a device’s firmware, they don’t ...
- Iran-Backed APTs Collaborate on 3-Year ‘Fox Kitten’ Global Spy Campaign
February 18, 2020
Two Iran-backed APTs could be working together on a sprawling, three-year campaign to compromise high-value organizations from the IT, telecom, oil and gas, aviation, government and security sectors in Israel and around the world, according to a report by researchers at ClearSky. They maintain, APT34/OilRig and APT33/Elfin appear to be linked to the campaign (which they ...
- Israeli soldiers tricked into installing malware by Hamas agents posing as women
February 17, 2020
Members of the Hamas Palestinian militant group have posed as young teenage girls to lure Israeli soldiers into installing malware-infected apps on their phones, a spokesperson for the Israeli Defence Force (IDF) said today. Some soldiers fell for the scam, but IDF said they detected the infections, tracked down the malware, and then took down Hamas’ ...
- LokiBot Impersonates Popular Game Launcher and Drops Compiled C# Code File
February 14, 2020
LokiBot, which has the ability to harvest sensitive data such as passwords as well as cryptocurrency information, proves that the actors behind it is invested in evolving the threat. In the past, we have seen a campaign that exploits a remote code execution vulnerability to deliver LokiBot using the Windows Installer service, a Lokibot variant that uses ISO ...
- US Cyber Command, DHS, and FBI expose new North Korean malware
February 14, 2020
US Cyber Command, the Department of Homeland Security, and the Federal Bureau of Investigations have exposed today a new North Korean hacking operation. Authorities have published security advisories detailing six new malware families that are currently being used by North Korean hackers. According to the Twitter account of the Cyber National Mission Force (CNMF), a subordinate unit ...
- Wireshark Tutorial: Examining Qakbot Infections
February 13, 2020
Qakbot is an information stealer also known as Qbot. This family of malware has been active for years, and Qakbot generates distinct traffic patterns. This Wireshark tutorial reviews a recent packet capture (pcap) from a Qakbot infection. Understanding these traffic patterns can be critical for security professionals when detecting and investigating Qakbot infections. Note: This tutorial assumes you have ...