Cyber Wolves Unleashed: Rare Werewolf's Ruthless Phishing Blitz on Russian and CIS Companies!

From the Shadows: The Unrelenting Hunt of Rare Werewolf

Holy crypto heist, Batman! The notorious cyber gang, Rare Werewolf—aka the Librarian Ghouls and Rezet—has been on a wild rampage, hammering Russian and CIS-based companies with a vicious phishing campaign. These digital desperados have been hijacking devices left and right, turning them into crypto-mining machines and swiping sensitive data like it's going out of style. Kaspersky's latest intel shows these cyber wolves haven't slowed down a bit through May, and they're showing no signs of stopping!

Phishing with a Vengeance: The Inside Scoop on Rare Werewolf's Tactics

Get this: Rare Werewolf's master plan involves slick phishing emails that look legit enough to fool even the savviest of victims. They're all disguised as communications from real-deal organizations, tricking folks into opening those nasty attachments. Once those files are clicked, bam! The attackers snag remote access to the device, scoop up all the juicy data—think credentials and crypto wallet info—and then, to top it off, they plant Monero (XMR) miners that suck the life out of your system's processing power. Sneaky, right? They even set the compromised machines to wake up at 1 AM and snooze by 5 AM, keeping their digital dirty work under the radar.

Targeting the Heart of Industry: Rare Werewolf's Bullseye

These cyber wolves aren't just picking random targets—they're zeroing in on industrial enterprises and engineering schools, places where the stakes are sky-high. Their phishing emails are all in Russian, complete with Russian-named attachments and decoy documents. It's clear as day that Rare Werewolf is gunning for Russian speakers and companies in Russia and the CIS.

Unmasking the Wolves: Kaspersky's Deep Dive into Rare Werewolf's Lair

Kaspersky's cyber sleuths didn't stop at the surface. They dug deep and uncovered a few domains that might be tied to the Librarian Ghouls' sinister plot, though they're not 100% sure. At the time, domains like users-mail.ru and deauthorization.online were still up and running, hosting phishing pages designed with crafty PHP scripts to pilfer login creds for the popular Russian e-mail service, Mail.ru.

The Hunt Continues: Rare Werewolf's Reign of Terror Persists

And guess what? As of Kaspersky's latest report, the Librarian Ghouls' APT campaign is still in full swing. They were spotted launching fresh attacks as recently as last month. So, buckle up, folks—these cyber wolves are still on the prowl, and they're not backing down anytime soon!