BI.ZONE
Zooming in on CVE-2024-7965
On August 21, Google released an update for Chrome, fixing a total of 37 security flaws. Researchers across the globe paid their attention
Sep 23

BI.ZONE
Breaking down CVE-2024-38063: remote exploitation of the Windows kernel
We have examined the Windows TCP/IP network stack flaw that could grant adversaries remote access with maximum privileges. Exploiting…
Sep 31

BI.ZONE
Stone Wolf employs Meduza Stealer to hack Russian companies
A new cluster of activity abuses a legitimate brand to spearphish for credentials and system data
Sep 2

BI.ZONE
Bloody Wolf strikes organizations in Kazakhstan with STRRAT commercial malware
Since late 2023, BI.ZONE Threat Intelligence experts have been tracking the activity of Bloody Wolf. The cluster attacks organizations in…
Jul 31

BI.ZONE
Sapphire Werewolf polishes Amethyst stealer to attack over 300 companies
The adversaries use the open-source SapphireStealer to create their own malware for collecting employee authentication data from Russian…
Jun 5

BI.ZONE
Scaly Wolf's new loader: the right tool for the wrong job
The BI.ZONE Threat Intelligence team has uncovered a fresh campaign by the group targeting Russian and Belarusian organizations
May 2

BI.ZONE
Cloud Werewolf spearphishes for government employees in Russia and Belarus with fake spa vouchers…
The attackers use phishing emails with seemingly legitimate documents and evade defenses by hosting the malicious payload on a remote…
Mar 29

BI.ZONE
Fluffy Wolf sends out reconciliation reports to sneak into corporate infrastructures
The group has adopted a simple yet effective approach to gain initial access: phishing emails with an executable attachment. This way…
Mar 19

BI.ZONE
Mysterious Werewolf hits defense industry with new RingSpy backdoor
The criminal group gains initial access through phishing emails with a compressed executable that unleashes RingSpy, an original remote…
Mar 13

BI.ZONE
Scaly Wolf uses White Snake stealer against Russian industry
The group, which has been on the radar since the summer of 2023, conducted several phishing campaigns using Russian regulatory body and law…
Feb 2