9 matches found
Sleep with one eye open: how Librarian Ghouls steal data by night
Introduction Librarian Ghouls, also known as "Rare Werewolf" and "Rezet", is an APT group that targets entities in Russia and the CIS. Other security vendors are also monitoring this APT and releasing analyses of its campaigns. The group has remained active through May 2025, consistently targetin...
Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers
Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal. "Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control C2 servers...
Head Mare and Twelve join forces to attack Russian entities
Introduction In September 2024, a series of attacks targeted Russian companies, revealing indicators of compromise and tactics associated with two hacktivist groups: Head Mare and Twelve. Our investigation showed that Head Mare relied heavily on tools previously associated with Twelve...
GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities
A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities. The campaign has been attributed to a threat cluster dubbed GamaCopy , which is assessed to share overla...
OldGremlin Ransomware Targeted Over a Dozen Russian Entities in Multi-Million Scheme
A Russian-speaking ransomware group dubbed OldGremlin has been attributed to 16 malicious campaigns aimed at entities operating in the transcontinental Eurasian nation over the course of two and a half years. "The group's victims include companies in sectors such as logistics, industry, insurance...
Woody RAT: A new feature-rich malware spotted in the wild
This blog post was authored by Ankur Saini and Hossein Jazi The Malwarebytes Threat Intelligence team has identified a new Remote Access Trojan we are calling Woody Rat that has been in the wild for at least one year. This advanced custom Rat is mainly the work of a threat actor that targets...
Anonymous Hits 3 Russian Entities, Leaks 400 GB Worth of Emails
By Waqas Anonymous has taken Operation OpRussia a step further by targeting Aerogas, Forest, and Petrovsky Fort, which happened to… This is a post from HackRead.com Read the original post: Anonymous Hits 3 Russian Entities, Leaks 400 GB Worth of Emails...
Threat advisory: Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools
Update March 12, 2022: Cisco Talos has updated the IOC section with additional hashes. Executive summary Opportunistic cybercriminals are attempting to exploit Ukrainian sympathizers by offering malware purporting to be offensive cyber tools to target Russian entities. Once downloaded, these...
MSHTML attack targets Russian state rocket centre and interior ministry
Malwarebytes has reason to believe that the MSHTML vulnerability listed under CVE-2021-40444 is being used to target Russian entities. The Malwarebytes Intelligence team has intercepted email attachments that are specifically targeting Russian organizations. The first template we found is designe...