Cavalry Werewolf raids Russia’s public sector with trusted relationship attacks
The malicious actors pose as government officials and utilize their own crafted malware in their attacks
Oct 2

Paper Werewolf targets Russia with WinRAR zero-day vulnerability
The cluster continues its campaign against Russian organizations—this time exploiting WinRAR flaws
Aug 20

Deep dive into CVE-2025-29824 in Windows
Author: Andrey Chizhov, Senior Vulnerability Researcher
Aug 19

Rainbow Hyena strikes again: new backdoor and shift in tactics
A new phishing campaign targeted healthcare and IT organizations. The hacktivists were using polyglot and LNK files mimicking legitimate…
Jul 15

Malware or LLM? Silent Werewolf employs new loaders to attack Russian and Moldovan organizations
The threat actor hinders payload retrieval, making it harder for researchers to trace the malware and analyze the cluster
May 27

Exploring CVE-2025-24364 and CVE-2025-24365 in Vaultwarden
According to BI.ZONE TDR, 10% of Russian companies use Vaultwarden this year.
Apr 28

Sapphire Werewolf refines Amethyst stealer to attack energy companies
The Sapphire Werewolf cluster continues to enhance its toolkit, now leveraging a new version of the Amethyst stealer. The threat actor…
Apr 9

Squid Werewolf cyber spies masquerade as recruiters
The adversaries impersonated a legitimate company, emailing fake job descriptions to employees of targeted organizations
Mar 12

Bloody Wolf evolution: new targets, new tools
The notorious cluster changes its toolkit by switching from malware to a legitimate remote administration tool
Feb 20

NOVA: blast from the past
Attackers use a fork of a popular stealer to target Russian companies
Feb 4