Rare Werewolf Targets Hundreds of Firms
Rare Werewolf, an APT group, attacks enterprises in Russia and CIS countries. It has relied on legitimate software to infiltrate systems since 2019. For example, it hits industrial firms and schools with stealthy methods. This threat steals data and mines cryptocurrency.
How the Attack Begins
Phishing emails deliver password-protected archives with executables. These installers deploy tools like 4t Tray Minimizer. Additionally, a decoy PDF mimics payment orders to trick users. Consequently, attackers gain initial access to the target systems.
Malware Deployment Tactics
The malware uses PowerShell scripts and command files for control. It fetches tools like Defender Control and Blat from remote servers. For instance, AnyDesk enables remote access during a set four-hour window. As a result, attackers maintain persistent access.
Data Theft and Mining
Rare Werewolf steals credentials and Telegram data. It deploys XMRig to mine cryptocurrency quietly. A report notes the group wakes systems at 1 a.m. for attacks. Therefore, it maximizes damage while minimizing detection.
Use of Legitimate Software
Attackers leverage tools like WebBrowserPassView to harvest passwords. This approach obscures their presence and evades antivirus. Moreover, third-party software complicates attribution efforts. This tactic highlights their sophisticated strategy.
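The deployment, mining and credential-harvesting behaviours described in the last three sections share one detectable shape: dual-use or commodity binaries launched from script interpreters, often during a night-time window. The following Python sketch, added here as an example and not code from the original article or from any vendor report, turns those observations into a small detection pass over constructed process-event log lines. The log format, the executable names in the watchlist and the 01:00 to 05:00 window (the article's 1 a.m. wake-up plus a four-hour remote-access window) are all assumptions for illustration.

```python
"""Detection sketch for the tooling and timing described in the article.

Added example: log lines are constructed, the key=value layout is assumed,
and the watchlist holds plausible executable names, not confirmed IoCs.
"""
from dataclasses import dataclass, field
from datetime import datetime, time

# Dual-use tools the article names. Lower-cased executable names are an
# assumption; real intrusions may rename binaries, so pair this with hash
# or signer checks in production.
WATCHLIST = {
    "xmrig.exe": "cryptominer (XMRig)",
    "anydesk.exe": "remote access (AnyDesk)",
    "blat.exe": "command-line mailer (Blat), used to send data out",
    "defendercontrol.exe": "Defender Control (AV tampering)",
    "webbrowserpassview.exe": "browser credential harvester (WebBrowserPassView)",
}

# Script interpreters the article says drive the deployment.
SCRIPT_PARENTS = {"powershell.exe", "cmd.exe"}

# Assumed off-hours window: 1 a.m. wake-up plus a four-hour session.
OFF_HOURS_START = time(1, 0)
OFF_HOURS_END = time(5, 0)


@dataclass
class Finding:
    timestamp: datetime
    host: str
    image: str
    reasons: list = field(default_factory=list)


def parse_event(line: str) -> dict:
    """Parse '<iso-timestamp> key=value key=value ...' into a dict.

    Values must not contain spaces in this constructed format.
    """
    ts_text, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split(" ") if "=" in kv)
    fields["timestamp"] = datetime.fromisoformat(ts_text)
    return fields


def basename(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def in_off_hours(ts: datetime) -> bool:
    return OFF_HOURS_START <= ts.time() < OFF_HOURS_END


def analyze(lines: list) -> list:
    """Return one Finding per event that matches a watchlisted tool.

    Each finding accumulates reasons: the tool itself, a script-interpreter
    parent, and execution inside the off-hours window. More reasons means
    the event looks more like the chain the article describes.
    """
    findings = []
    for line in lines:
        ev = parse_event(line)
        image = basename(ev.get("image", ""))
        if image not in WATCHLIST:
            continue  # benign or unknown; off-hours alone is not a signal
        reasons = [WATCHLIST[image]]
        if basename(ev.get("parent", "")) in SCRIPT_PARENTS:
            reasons.append("launched by a script interpreter")
        if in_off_hours(ev["timestamp"]):
            reasons.append("executed in the 01:00-05:00 off-hours window")
        findings.append(Finding(ev["timestamp"], ev.get("host", "?"), image, reasons))
    return findings


# Constructed sample events (not real telemetry).
SAMPLE_LOG = [
    "2025-06-02T09:14:02 host=WS-17 image=C:/Windows/System32/notepad.exe parent=explorer.exe",
    "2025-06-02T01:03:41 host=WS-17 image=C:/Users/Public/anydesk.exe parent=powershell.exe",
    "2025-06-02T01:05:10 host=WS-17 image=C:/Users/Public/xmrig.exe parent=cmd.exe",
    "2025-06-02T14:22:00 host=WS-22 image=C:/Users/Public/webbrowserpassview.exe parent=explorer.exe",
    "2025-06-02T03:30:00 host=WS-09 image=C:/Windows/System32/svchost.exe parent=services.exe",
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.timestamp} {f.host} {f.image}: " + "; ".join(f.reasons))
```

Run on the constructed sample, the two night-time launches from PowerShell and cmd on WS-17 collect all three reasons, the daytime credential harvester on WS-22 collects one, and the off-hours svchost is ignored because timing alone is not treated as suspicious. In a real deployment the same logic would be fed from Sysmon or EDR process-creation events rather than hand-written lines.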
Impact on Targeted Regions
Hundreds of Russian users face infections, with some in Belarus and Kazakhstan. Industrial and educational sectors suffer the most. As a result, businesses lose sensitive data and face financial losses. This shows the widespread reach of the threat.
Broader Cybercrime Trends
Other groups like DarkGaboon use similar phishing tactics. They deploy LockBit 3.0 and trojans to target Russia. For example, readily available tools blend attacks with common cybercrime. Therefore, attribution becomes increasingly challenging.
Preventing Rare Werewolf Attacks
To stop Rare Werewolf, avoid opening suspicious email attachments. For example, verify sender details before clicking. Use updated antivirus software to block malicious scripts and enable email filters. Additionally, train employees on phishing risks. These steps help protect against data theft and malware.
Sleep well, we got you covered.