BI.ZONESapphire Werewolf polishes Amethyst stealer to attack over 300 companiesThe adversaries use the open-source SapphireStealer to create their own malware for collecting employee authentication data from Russian…Jun 5Jun 5
BI.ZONEScaly Wolf’s new loader: the right tool for the wrong jobThe BI.ZONE Threat Intelligence team has uncovered a fresh campaign by the group targeting Russian and Belarusian organizationsMay 2May 2
BI.ZONECloud Werewolf spearphishes for government employees in Russia and Belarus with fake spa vouchers…The attackers use phishing emails with seemingly legitimate documents and evade defenses by hosting the malicious payload on a remote…Mar 29Mar 29
BI.ZONEFluffy Wolf sends out reconciliation reports to sneak into corporate infrastructuresThe group has adopted a simple yet effective approach to gain initial access: phishing emails with an executable attachment. This way…Mar 19Mar 19
BI.ZONEMysterious Werewolf hits defense industry with new RingSpy backdoorThe criminal group gains initial access through phishing emails with a compressed executable that unleashes RingSpy, an original remote …Mar 13Mar 13
BI.ZONEScaly Wolf uses White Snake stealer against Russian industryThe group, which has been on the radar since the summer of 2023, conducted several phishing campaigns using Russian regulatory body and law…Feb 2Feb 2
BI.ZONEA striking resemblance: Gambling Hyena and Twelfth Hyena clusters comparedWhat is common between two hacktivist groups attacking the Russian government sector.Dec 28, 2023Dec 28, 2023
BI.ZONERare Wolf preys on sensitive data using fake 1C:Enterprise invoices as lureHow adversaries create diversions and stay invisibleNov 29, 2023Nov 29, 2023
BI.ZONESticky Werewolf attacks public organizations in Russia and BelarusOur cyber threat intelligence experts discover a new group that uses presumably legitimate software to interfere with government…Oct 13, 2023Oct 13, 2023
BI.ZONEWhite Snake spotted in emails: the stealer was disguised as official state requirementsAny threat actor with $140 can utilize this malware. For that price, they get a complete end-to-end attack kit: i) a builder to create…Aug 8, 2023Aug 8, 2023