Remote access Trojans were the most common tool in cyberattacks on Russian companies in 2024. Stealers, used to exfiltrate sensitive information, appeared in roughly 29% of incidents, and downloaders (loaders whose job is to fetch and run a second-stage payload) in about 16%. The pattern points to an emphasis on covert access: tooling that lets attackers stay in a victim network for a long time and sets the stage for more serious intrusions.
Stealers give criminals a window into the compromised device. They collect host details such as the operating system version and hardware information, and harvest credentials from cryptocurrency wallets, email clients, browsers, and other applications. The stolen authentication data can then be used to mount more focused and damaging intrusions against the compromised organization: valid passwords and session tokens let attackers log in as legitimate users, move laterally, and reuse trusted sessions instead of having to exploit anything.
The stealers seen most often in attacks include FormBook, SnakeLogger, Rhadamanthys, PureLogs Stealer, and MetaStealer. MetaStealer alone accounts for roughly one in ten attacks. It is described as a close relative of the well-known RedLine stealer, but, unlike RedLine, its use against companies in Russia and other CIS countries is not restricted by its operators.
Attackers treat the absence of any CIS-targeting ban on MetaStealer as an advantage. The Venture Wolf group, which targets industry, construction, information technology, telecom and other sectors, is an active user of MetaStealer in campaigns against Russian firms. To deliver the stealer, the attackers send phishing emails carrying archives that contain a downloader, usually a file with a .com extension and less often a .exe file; when the recipient opens it, the downloader installs the stealer on the victim's device. Windows executes a .com file exactly as it does a .exe, but the extension is less familiar to users and is missed by mail filters that only block .exe attachments, which is what makes it attractive as a lure.
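The delivery pattern above (an archive attachment carrying a .com or .exe downloader) is something a mail gateway or a triage script can check for. The following Python is an added example, not code from the original report or from any vendor tool: it opens a ZIP attachment, looks at each member's extension and first bytes, and flags members that Windows would execute directly, PE images renamed to .com, PE images hidden under a document extension, and double extensions. The archive it inspects is constructed in memory for the demonstration; member names such as org_card.pdf.com are assumptions for illustration, not taken from any real campaign.

```python
import io
import os
import zipfile

# Extensions Windows runs directly from Explorer. .com is among them and is
# less familiar to users than .exe, which is what makes it useful as a lure.
EXECUTABLE_EXTENSIONS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def is_pe_image(head: bytes) -> bool:
    """True if the bytes begin with a DOS 'MZ' stub whose e_lfanew points at a PE signature."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    pe_offset = int.from_bytes(head[0x3C:0x40], "little")
    return head[pe_offset:pe_offset + 4] == b"PE\0\0"


def classify_member(name: str, head: bytes) -> list[str]:
    """Return the reasons (possibly none) why an archive member looks like a lure."""
    base = os.path.basename(name)
    ext = os.path.splitext(base)[1].lower()
    reasons = []
    pe = is_pe_image(head)
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"directly executable extension {ext}")
    if pe and ext == ".com":
        reasons.append("PE image renamed to .com")
    elif pe and ext not in EXECUTABLE_EXTENSIONS:
        reasons.append(f"PE image hidden under {ext or 'no extension'}")
    if ext in EXECUTABLE_EXTENSIONS and base.count(".") >= 2:
        reasons.append("double extension (document name in front of an executable one)")
    return reasons


def suspicious_members(archive_bytes: bytes) -> dict[str, list[str]]:
    """Map each suspicious member of a ZIP attachment to the reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(4096)  # the header bytes are enough for the PE check
            reasons = classify_member(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def fake_pe() -> bytes:
    """Constructed minimal MZ/PE header (not a real executable) used only for this demo."""
    header = bytearray(b"MZ" + b"\0" * 0x3A)   # DOS stub up to e_lfanew at offset 0x3C
    header += (0x40).to_bytes(4, "little")     # e_lfanew -> 0x40
    header += b"PE\0\0" + b"\0" * 60           # PE signature followed by padding
    return bytes(header)


def build_sample_archive() -> bytes:
    """Constructed ZIP resembling the lure; member names are assumptions, not real samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("org_card.pdf.com", fake_pe())   # the .com downloader pattern
        zf.writestr("price_list.exe", fake_pe())     # the less common .exe variant
        zf.writestr("invoice.pdf", fake_pe())        # PE content under a document extension
        zf.writestr("readme.txt", b"plain text, nothing to flag")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in suspicious_members(build_sample_archive()).items():
        print(f"{member}: {'; '.join(reasons)}")
```

Two caveats a practitioner should keep in mind. A genuine 16-bit .com file is a flat binary with no MZ header, so the extension check matters on its own and the PE check only adds confidence; and password-protected archives, which phishing lures often use to defeat gateway scanning, cannot be opened by this script at all and should be quarantined or sandboxed on that basis alone.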
To distract recipients and look legitimate, the phishing messages often include an "organization card", the standard Russian business document listing a company's registration details and addresses. This raises trust and lowers suspicion. The trademark owners whose details are copied into such lures are not responsible for the actions of the criminals or for any damage that results.
Earlier reports indicated that hackers could exploit graphics processing units to compromise a broad range of computers. Credential theft and the deployment of stealthy access tooling are not confined to any one region, and the defenses follow directly from the tactics described above: block executable attachments at the mail gateway, including .com files inside archives; enforce multi-factor authentication so that a stolen password alone is not enough to log in; patch promptly; and monitor for anomalous access patterns such as logins and session reuse from unfamiliar hosts.