Rare Werewolf, an advanced persistent threat group, has been attacking targets in Russia and CIS countries since at least 2019. The group's approach relies on legitimate third-party software rather than custom malware, with command files and PowerShell scripts carrying the malicious logic. The attacks aim to infiltrate systems, steal sensitive data such as credentials, and deploy cryptocurrency miners. Recent campaigns deliver phishing emails carrying password-protected archives; once opened, the infection chain runs through legitimate tools, which lets the attackers evade detection while controlling the compromised systems.
A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries, Kaspersky said.
The malicious functionality of the campaign described in this article is implemented through command files and PowerShell scripts.
The intent of the attacks is to establish remote access to compromised hosts, siphon credentials, and deploy the XMRig cryptocurrency miner.
One of the legitimate tools the group uses can minimize running applications to the system tray, allowing the attackers to obscure their presence on the compromised system, Kaspersky said.