BI.ZONE Threat Intelligence has discovered a previously unknown cluster whose activity can be traced back to November 2023. Dubbed Venture Wolf, the cluster employs multiple loaders to deliver MetaStealer to the target systems. The threat actor focuses on a range of industries, including manufacturing, construction, IT, and telecommunications.
Stealers maintain their position among the most popular types of malware employed by threat actors. As there are no “developer” restrictions on the use of certain malware programs against Russian companies, such programs gain higher recognition among various clusters of malicious activity. The authentication material obtained in the course of MetaStealer‑based campaigns can be used later to undertake more complex targeted attacks against the compromised organizations.
Read more…
Source: BI.ZONE Threat Intelligence
Related:
- UAE: Up to 100 people arrested by police for filming drone or missile strikes
March 14, 2026
Up to 100 people have been arrested by police in the UAE for filming drone or missile strikes, it emerged this morning. Abu Dhabi Police alone have arrested 45 people of multiple nationalities for filming various locations amid current ongoing events and posting clips on social media. In neighbouring Dubai, at least 21 people, including a ...
- CISA warns max-severity n8n bug is being exploited in the wild
March 12, 2026
The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that hackers are exploiting a max-severity remote code execution (RCE) vulnerability in workflow automation platform n8n. CISA urged all federal civilian executive branch (FCEB) agencies to patch CVE-2025-68613 at once because it carries a near-perfect 9.9 vulnerability score. The bug was first disclosed in December, and ...
- Iran-linked hackers launch cyberattack against U.S. medtech company Stryker
March 11, 2026
U.S. medical technology company Stryker is currently experiencing a massive cyberattack, which has shut down their computer systems and, as a result, even closed the company’s offices. An Iran-linked digital activist collective known as Handala is claiming credit for the cyberattack against Stryker. This would be the first major cyberattack carried out in the wake of the ...
- Russian hackers target HR departments with vicious new ‘BlackSanta’ malware
March 11, 2026
Russian hackers have been targeting Human Resources (HR) departments at various organizations around the world with a never-before seen piece of malware called BlackSanta. The campaign was spotted by cybersecurity researchers Aryaka, who said the attacks have been going on for at least a year, and include a rather sophisticated infection chain. It most likely starts ...
- BeatBanker: A dual‑mode Android Trojan
March 10, 2026
Recently, Kaspersky researchers uncovered BeatBanker, an Android‑based malware campaign targeting Brazil. It spreads primarily through phishing attacks via a website disguised as the Google Play Store. To achieve their goals, the malicious APKs carry multiple components, including a cryptocurrency miner and a banking Trojan capable of completely hijacking the device and spoofing screens, among other ...
- Ericsson US reveals employee and customer data breach after third-party hack
March 10, 2026
The US arm of Ericsson has confirmed suffering a third-party data breach which saw it lose sensitive data on an undisclosed number of its customers. In a data breach notification letter sent out to affected individuals, Ericsson US said it spotted “a suspicious event” and potential unauthorized access to its systems on April 28, 2025. The ...