BI.ZONE
Core Werewolf hones its arsenal against Russia’s government organizations
Adversaries experiment with new tools and malware delivery methods.
Oct 10

BI.ZONE
Wreaking havoc in cyberspace: threat actors experiment with pentest tools
A new research by BI.ZONE Threat Intelligence reveals how adversaries attempt to bypass cybersecurity systems.
Oct 8

BI.ZONE
Zooming in on CVE-2024-7965
On August 21, Google released an update for Chrome, fixing a total of 37 security flaws. Researchers across the globe paid their attention
Sep 23

BI.ZONE
Breaking down CVE-2024-38063: remote exploitation of the Windows kernel
We have examined the Windows TCP/IP network stack flaw that could grant adversaries remote access with maximum privileges. Exploiting…
Sep 31

BI.ZONE
Stone Wolf employs Meduza Stealer to hack Russian companies
A new cluster of activity abuses a legitimate brand to spearphish for credentials and system data
Sep 2

BI.ZONE
Bloody Wolf strikes organizations in Kazakhstan with STRRAT commercial malware
Since late 2023, BI.ZONE Threat Intelligence experts have been tracking the activity of Bloody Wolf. The cluster attacks organizations in…
Jul 31

BI.ZONE
Sapphire Werewolf polishes Amethyst stealer to attack over 300 companies
The adversaries use the open-source SapphireStealer to create their own malware for collecting employee authentication data from Russian…
Jun 5

BI.ZONE
Scaly Wolf’s new loader: the right tool for the wrong job
The BI.ZONE Threat Intelligence team has uncovered a fresh campaign by the group targeting Russian and Belarusian organizations
May 2

BI.ZONE
Cloud Werewolf spearphishes for government employees in Russia and Belarus with fake spa vouchers…
The attackers use phishing emails with seemingly legitimate documents and evade defenses by hosting the malicious payload on a remote…
Mar 29

BI.ZONE
Fluffy Wolf sends out reconciliation reports to sneak into corporate infrastructures
The group has adopted a simple yet effective approach to gain initial access: phishing emails with an executable attachment. This way…
Mar 19