Hackers linked to the Leak Wolf group carried out data theft from more than forty Russian companies without deploying malware, instead posing as legitimate employees of those organizations. This claim comes from Bi.Zone, a digital risk management firm, as reported by RIA Novosti.
Bi.Zone’s data indicates that retail, educational institutions, and information technology companies bore the greatest impact from Leak Wolf’s activities. Notably, the attackers avoided using malware, did not exploit publicly available software vulnerabilities, and did not conduct phishing campaigns. Their method relied on authentic-looking access through the accounts of real staff or IT contractors, which helped them stay under the radar for extended periods.
The attackers also rented servers within Russia or employed virtual private networks to enable remote access. With the rise of remote work, such behavior did not draw suspicion from security services, allowing the operation to continue longer than typical infiltrations.
Experts point to insufficient digital hygiene among employees as a key factor in the attackers’ sustained success. Many workers registered for third-party services with work emails, reused simple passwords, and did not vary credentials across different accounts, creating easy entry points for intruders.
Bi.Zone explains that once inside a company's infrastructure, the hackers mapped the network and gathered crucial business information, in particular the customer base. They then uploaded the stolen data to cloud storage and publicly posted a link to the files, making the breach visible to wider audiences.