Feb 2
Scaly Wolf uses White Snake stealer against Russian industry
The group, which has been on the radar since the summer of 2023, conducted several phishing campaigns using Russian regulatory body and law enforcement identities. The BI.ZONE Threat Intelligence team has identified at least a dozen campaigns linked to Scaly Wolf. …
Information Security, 10 min read
Dec 28, 2023
A striking resemblance: Gambling Hyena and Twelfth Hyena clusters compared
What is common between two hacktivist groups attacking the Russian government sector. The BI.ZONE Threat Intelligence team has expanded its taxonomy of threat actors. Previously, we distinguished state-sponsored groups as Werewolves and all the others as Wolves. …
Information Security, 4 min read
Nov 29, 2023
Rare Wolf preys on sensitive data using fake 1C:Enterprise invoices as lure
How adversaries create diversions and stay invisible. BI.ZONE Threat Intelligence specialists have discovered a cybercriminal group that has been active since at least 2019. While this cluster of activity was previously directed against the countries neighboring Russia, now such attacks have reached Russia itself. …
Information Security, 5 min read
Oct 13, 2023
Sticky Werewolf attacks public organizations in Russia and Belarus
Our cyber threat intelligence experts discover a new group that uses presumably legitimate software to interfere with government organizations. A characteristic feature of these attackers is the use of popular tools that are easy to detect and block. Nevertheless, this has not stopped Sticky Werewolf from succeeding. …
Information Security, 5 min read
Aug 8, 2023
White Snake spotted in emails: the stealer was disguised as official state requirements
Any threat actor with $140 can utilize this malware. For that price, they get a complete end-to-end attack kit: i) a builder to create malware samples, ii) access to the control panel of compromised devices, iii) updates and messenger support. …
Information Security, 6 min read
Jul 17, 2023
Hacker group Quartz Wolf leverages legitimate software for cyberattacks
Cybercriminals have modified the standard “phishing email + remote access” combo with an unexpected hook — the leveraging of legitimate Russian software. BI.ZONE CESP has detected and prevented one such attack that targeted hospitality organizations. …
Information Security, 3 min read
Jun 28, 2023
Hunting the hunter: BI.ZONE traces the footsteps of Red Wolf
The cyber spies who had been on hiatus since 2022 make a surprising comeback. Red Wolf has been spotted penetrating company infrastructures for espionage purposes. By slowly moving forward in the compromised environments and not drawing much attention, the group managed to stay invisible for up to six months. BI.ZONE…
Information Security, 4 min read
Apr 10, 2023
Watch Wolf weaponizes SEO against accountants
Delivering attacks through emails is so last century, or at least so the Watch Wolf group hackers seem to think, having switched to spreading their malware through SEO poisoning. We discovered that they deliver the Buhtrap trojan through fake websites posing as legitimate resources for accountants. …
Information Security, 5 min read
Mar 22, 2023
BI.ZONE detects destructive attacks by the Key Wolf group
A new threat has been uncovered. The Key Wolf hacker group is bombarding Russian users with file-encrypting ransomware. Interestingly enough, the attackers do not demand any ransom. Nor do they provide any options to decrypt the affected files. Our experts were the first to detect the proliferation of the new…
Threat Intelligence, 5 min read
Mar 21, 2022
Masscan with HTTPS support
By Konstantin Molodyakov
Masscan is a fast network scanner that is good for scanning a large range of IP addresses and ports. We’ve adapted it to our needs by giving it a little tweak. The biggest inconvenience in the original version was the inability to collect banners from HTTPS servers…
Masscan, 10 min read