Stone Wolf employs Meduza Stealer to hack Russian companies


BI.ZONE Threat Intelligence reports an increase in criminal activity employing commercial malware available on underground resources. Recently, the researchers identified a malicious campaign by a cluster later dubbed Stone Wolf.

The adversaries send out phishing emails on behalf of a legitimate provider of industrial automation solutions. The goal of the attackers is to deliver Meduza Stealer to the infrastructures of their interest. Cybercriminals often disseminate phishing emails on behalf of large well‑known organizations. Recognizable logos and other elements of the brands’ visual identity help adversaries gain user trust and boost the chances for their malicious messages to be opened.

Read more…
Source: BI.ZONE Threat Intelligence 


Sign up for our Newsletter


Related:

  • Ghostcommit attack hides malicious AI instructions in images

    July 13, 2026

    Ghostcommit is a proof of concept that shows how AI assistants used to review software code can be tricked by hidden instructions embedded in images. The academic ASSET Research Group showed that an attacker can place instructions inside an image file, point to it in an AGENTS.md file, and get an AI coding agent to follow those instructions during a ...

  • EU-UK sanctions target Russia over Europe-wide ‘vast cyber campaign’

    July 13, 2026

    The European Union and the UK have announced coordinated sanctions against Russia after accusing Moscow’s FSB intelligence agency of carrying out a cyber attack in December targeting Poland’s energy grid and orchestrating a wider campaign of digital sabotage across Europe. The joint measures focus on individuals and organisations linked to Russia’s security services, with the EU ...

  • Trump administration subpoenas New York Times journalists over new Air Force One reporting

    July 11, 2026

    The Trump administration has issued subpoenas to several New York Times journalists after the newspaper reported on security concerns with the president’s new plane. The Times said its journalists were subpoenaed on Friday by the US justice department to testify before a federal grand jury in Manhattan five days later, marking the latest effort by the Trump White ...

  • Ukrainians are using VPNs to cause havoc in Russia by changing fuel station statuses on maps in a bid to cause chaos and confusion

    July 11, 2026

    A coordinated online campaign has reportedly encouraged users to alter fuel station information on digital maps across Russia, creating confusion among drivers. The activity involves changing station statuses by marking locations with available fuel as empty or showing closed stations as operational. Supporters of the campaign claim the effort is designed to disrupt travel decisions, increase uncertainty, ...

  • Supermarket chain Lidl warns customers after data leak

    July 10, 2026

    Unknown individuals managed to gain access to customer data held by the supermarket chain Lidl. The German company informed affected customers of this via email this week. Thus far, the supermarket chain has declined to say how many customers were affected. However, the discount retailer did state that it has notified the Dutch Data Protection Authority. Read ...

  • No Manners Here: The Ruthless Rise of The Gentlemen Ransomware

    July 10, 2026

    The Gentlemen (aka Storm-2697) is a Ransomware-as-a-Service (RaaS) program active since at least July 2025. Public reporting indicates that the operators were likely active months earlier as an affiliate (known as ArmCorp) of Qilin RaaS, which Unit 42 tracks as Spikey Scorpius. Their ransomware variants are written in both C and Go programming languages, enabling ...