The hacker group Core Werewolf has attacked Russian military-industrial organizations and critical information infrastructure (CII) operators. About a month ago the attackers began using a new, self-developed loader written in the rarely used AutoIt scripting language, which makes it harder to detect. Oleg Skulkin, head of the Threat Intelligence department at BI.ZONE, told socialbites.ca about this.
Core Werewolf sent phishing emails containing links to RAR archives, which in turn held self-extracting (SFX) executables. Each SFX contains a malicious AutoIt script (the program code itself), a legitimate copy of the AutoIt interpreter needed to run it (the interpreter executes the script directly, without prior compilation), and a decoy document in PDF format. When the victim opened the archive to look at the "documents", the contents of the SFX file were automatically extracted to the temporary files folder (%TEMP%). The interpreter then ran the loader, a program whose job is to install further malware on the compromised device.
"The detectability of the tools in use is constantly increasing. Against this background, criminals make changes to their arsenal in the hope that this will let them stay undetected in the victim's IT infrastructure for longer. The less often a tool is used in attacks (as with the AutoIt language in this case), the greater the chance that it will go unrecognized," Skulkin told socialbites.ca.
Since June of this year the group has also been experimenting with how it delivers malicious files. Previously, Core Werewolf sent its RAR archives with phishing emails only; now targeted organizations have also started receiving messages with malicious attachments through instant messengers, mostly Telegram.
To protect against Core Werewolf attacks, Russian companies are advised to use up-to-date security tools that are capable of analysing software written in AutoIt.
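The chain described above (an SFX stub dropping a legitimate AutoIt interpreter plus a script into %TEMP%, with the interpreter then launching the loader) leaves a fairly specific process-creation footprint that ordinary tooling can check for even without understanding AutoIt. The following is an added example, not code from the article or from BI.ZONE: a Python detection heuristic run over constructed process events whose field names (Image, OriginalFileName, CommandLine, ParentImage) follow Sysmon Event ID 1. The user names, file names and script paths are invented for illustration; the `RarSFX<n>` folder is the default WinRAR SFX extraction directory under %TEMP%, and `/AutoIt3ExecuteScript` is the interpreter's documented switch for running a script file.

```python
"""Heuristics for the AutoIt-loader chain: interpreter + script staged in %TEMP% by an SFX stub.

Added example. Events below are CONSTRUCTED in the shape of Sysmon Event ID 1 fields; they are
not real telemetry. Paths, user names and file names are illustrative assumptions.
"""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Interpreter binaries shipped with AutoIt. Matched against the on-disk name AND against
# OriginalFileName (taken from the PE version resource), so a renamed copy is still caught.
AUTOIT_BINARIES = {"autoit3.exe", "autoit3_x64.exe"}

# .au3 = AutoIt source, .a3x = tokenised ("compiled") script runnable via /AutoIt3ExecuteScript.
SCRIPT_EXT_RE = re.compile(r"\.(?:au3|a3x)\b", re.IGNORECASE)

# User-writable staging areas. WinRAR SFX archives unpack to %TEMP%\RarSFX<n> by default.
TEMP_DIR_RE = re.compile(r"\\(?:Temp|Tmp)\\", re.IGNORECASE)
RARSFX_RE = re.compile(r"\\RarSFX\d+\\", re.IGNORECASE)


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return PureWindowsPath(path).name.lower()


def classify(event: dict) -> list[str]:
    """Return the reasons an event is suspicious; an empty list means it tripped nothing."""
    reasons: list[str] = []
    image = event.get("Image", "")
    original = event.get("OriginalFileName", "").lower()
    cmdline = event.get("CommandLine", "")

    is_autoit = _basename(image) in AUTOIT_BINARIES or original in AUTOIT_BINARIES
    runs_script = bool(SCRIPT_EXT_RE.search(cmdline))

    if is_autoit and TEMP_DIR_RE.search(image):
        reasons.append("AutoIt interpreter executing from a temp directory")
    if original in AUTOIT_BINARIES and _basename(image) not in AUTOIT_BINARIES:
        reasons.append("renamed AutoIt interpreter (OriginalFileName mismatch)")
    if runs_script and TEMP_DIR_RE.search(cmdline):
        reasons.append("AutoIt script (.au3/.a3x) launched from a temp directory")
    # A RarSFX path on its own is weak evidence (legitimate SFX installers use it too),
    # so it only counts when combined with an AutoIt indicator.
    if (is_autoit or runs_script) and (RARSFX_RE.search(image) or RARSFX_RE.search(cmdline)):
        reasons.append("staged by a WinRAR SFX archive (%TEMP%\\RarSFX<n>)")
    return reasons


def scan(events: list[dict]) -> dict[int, list[str]]:
    """Map event index -> reasons for every event that tripped at least one heuristic."""
    return {i: r for i, e in enumerate(events) if (r := classify(e))}


# Constructed sample events (assumed paths and names, not observations).
SAMPLE_EVENTS = [
    {   # 0: benign - developer running AutoIt from its install location on a local script
        "Image": r"C:\Program Files (x86)\AutoIt3\AutoIt3.exe",
        "OriginalFileName": "AutoIt3.exe",
        "CommandLine": r'"C:\Program Files (x86)\AutoIt3\AutoIt3.exe" C:\Tools\build.au3',
        "ParentImage": r"C:\Windows\explorer.exe",
    },
    {   # 1: the described chain - interpreter and .a3x script both dropped by an SFX into %TEMP%
        "Image": r"C:\Users\ivan\AppData\Local\Temp\RarSFX0\AutoIt3.exe",
        "OriginalFileName": "AutoIt3.exe",
        "CommandLine": r'"C:\Users\ivan\AppData\Local\Temp\RarSFX0\AutoIt3.exe" '
                       r'/AutoIt3ExecuteScript "C:\Users\ivan\AppData\Local\Temp\RarSFX0\update.a3x"',
        "ParentImage": r"C:\Users\ivan\Downloads\Dokumenty.exe",
    },
    {   # 2: interpreter renamed and script given a neutral extension - only OriginalFileName gives it away
        "Image": r"C:\Users\ivan\AppData\Local\Temp\RarSFX1\svchost.exe",
        "OriginalFileName": "AutoIt3.exe",
        "CommandLine": r'"C:\Users\ivan\AppData\Local\Temp\RarSFX1\svchost.exe" '
                       r'"C:\Users\ivan\AppData\Local\Temp\RarSFX1\cfg.dat"',
        "ParentImage": r"C:\Users\ivan\Downloads\Dokumenty.exe",
    },
    {   # 3: benign - PDF reader opening a decoy-like file from an SFX folder, no AutoIt involved
        "Image": r"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe",
        "OriginalFileName": "Acrobat.exe",
        "CommandLine": r'"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" '
                       r'"C:\Users\ivan\AppData\Local\Temp\RarSFX0\contract.pdf"',
        "ParentImage": r"C:\Users\ivan\Downloads\Dokumenty.exe",
    },
]

if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_EVENTS).items():
        print(f"event {idx}: " + "; ".join(reasons))
```

Events 1 and 2 are flagged and 0 and 3 are not. The second malicious event is the one worth noting: with the interpreter renamed to `svchost.exe` and the script stored as `cfg.dat`, a rule keyed purely on file names and `.au3`/`.a3x` extensions sees nothing, while the PE `OriginalFileName` still reads `AutoIt3.exe`. That is the practical meaning of "tools that can work with AutoIt": identify the interpreter by what it is, not by what it is called, and treat it running out of %TEMP% as a finding.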
Core Werewolf was first observed in attacks on targets in the Russian Federation in the summer of 2021.
Source: Gazeta

Jackson Ruhl is a tech and sci-fi expert, who writes for “Social Bites”. He brings his readers the latest news and developments from the world of technology and science fiction.