Cybercriminals Target Russian Companies with Phishing Attacks
A cybercriminal group, dubbed Rare Werewolf, is launching targeted phishing attacks on Russian and CIS-based companies. The group, also known as “Librarian Ghouls” or “Rezet,” has been active since May, focusing on industrial enterprises and engineering schools.
The attackers use phishing emails that mimic legitimate communications. These emails contain malicious attachments. When opened, they give the attackers remote access to the device. The hackers then steal sensitive data, such as login credentials and crypto wallet details. They also install Monero (XMR) crypto miners to use the system’s processing power.
To stay hidden, the attackers set the compromised machines to wake up at 1 AM and shut down at 5 AM. This timing helps avoid detection. The phishing emails are in Russian, suggesting the group targets Russian speakers.
Kaspersky’s research uncovered domains linked to the campaign. These include users-mail[.]ru and deauthorization[.]online. These domains host phishing pages designed to steal Mail.ru login credentials.
The Librarian Ghouls campaign is still active. Recent attacks were observed last month. Companies should stay vigilant and educate employees about phishing threats.
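A defender-side check for the two indicators described above, the 1 AM wake / 5 AM shutdown cycle and the two phishing domains, written as an added example that is not from the article or from Kaspersky's research. The log layout, host names and dates are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# The two domains named in the article, refanged only for matching.
CAMPAIGN_DOMAINS = {d.replace("[.]", ".") for d in
                    ("users-mail[.]ru", "deauthorization[.]online")}

# Constructed sample telemetry; the "timestamp host event detail" layout,
# host names and dates are assumptions made for this example.
SAMPLE_LOG = """\
2025-01-14T01:00:04 ws-014 wake scheduled
2025-01-14T01:03:40 ws-014 dns users-mail.ru
2025-01-14T05:00:02 ws-014 shutdown scheduled
2025-01-15T01:00:05 ws-014 wake scheduled
2025-01-15T05:00:01 ws-014 shutdown scheduled
2025-01-14T08:57:11 ws-020 wake user
2025-01-14T09:10:45 ws-020 dns mail.ru
2025-01-14T18:02:30 ws-020 shutdown user
2025-01-15T02:15:00 ws-031 dns login.deauthorization.online
"""

def matches_campaign_domain(name):
    """True for a listed domain or any subdomain of it, never a lookalike suffix."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in CAMPAIGN_DOMAINS)

def analyze(log, wake_hour=1, shutdown_hour=5):
    """Return {host: {"night_cycles": n, "domains": [...]}} for suspicious hosts."""
    wakes, shutdowns, hits = defaultdict(set), defaultdict(set), defaultdict(set)
    for line in log.splitlines():
        ts_text, host, event, detail = line.split(maxsplit=3)
        ts = datetime.fromisoformat(ts_text)
        if event == "wake" and ts.hour == wake_hour:
            wakes[host].add(ts.date())
        elif event == "shutdown" and ts.hour == shutdown_hour:
            shutdowns[host].add(ts.date())
        elif event == "dns" and matches_campaign_domain(detail):
            hits[host].add(detail)
    findings = {}
    for host in sorted(set(wakes) | set(hits)):
        # A night counts only when the 1 AM wake and 5 AM shutdown both occur.
        nights = wakes[host] & shutdowns[host]
        if nights or hits[host]:
            findings[host] = {"night_cycles": len(nights),
                              "domains": sorted(hits[host])}
    return findings

if __name__ == "__main__":
    for host, result in analyze(SAMPLE_LOG).items():
        print(host, result)
```

Hosts that show both a repeated night cycle and a lookup of one of the domains deserve the earliest triage; a lookup alone may be a user who only opened the phishing page.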