Attack on telecoms: how Sticky Werewolf hackers tried to ruin the New Year for Russians

Brother

Another attempt to hack the company through emails from the FSB.

In early January, the cyber-espionage group Sticky Werewolf, known for its attacks on government and financial organizations in Russia and Belarus, attempted to disrupt the New Year holidays in Russia. Hackers sent about 250 phishing emails to the email addresses of a Russian telecommunications company on January 2 and 3. This was reported by the company F. A. C. C. T., which stopped the attack attempts by intercepting and blocking phishing emails.

The emails were sent ostensibly on behalf of the FSB, calling on recipients to provide certified copies of documents and containing a link to download a malicious file. Downloading the file resulted in the installation of the remote access Trojan Darktrack RAT.

Emails sent from the free mail service included a phrase that was not typical for an official request ("We are grateful in advance for the urgency in providing information"), which should have aroused suspicion among the recipients.

In December 2023, Sticky Werewolf already carried out similar attacks on a Russian pharmaceutical company, masquerading as the Ministry of Emergency Situations and the Ministry of Construction. Sticky Werewolf is known for conducting targeted attacks on government agencies and financial organizations in Russia and Belarus. From April to October 2023, the group conducted at least 30 attacks. As an initial attack vector, Sticky Werewolf uses phishing emails with links to malicious files, and its tooling includes the remote access Trojans Darktrack RAT and Ozone RAT as well as the MetaStealer stealer (a variation of RedLine Stealer).
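The post lists three things that gave the lure away: a message claiming to come from a state body but sent from a free mail provider, a request for document copies paired with a download link, and a courtesy phrase no official request would use. The following is an added example (not code from the post or from F.A.C.C.T.) showing how a mail-gateway triage rule can score an incoming message on exactly those signals. The free-mail domain list, the keyword lists and the two sample messages are constructed for the example; the only phrase taken from the post is the "grateful in advance" wording.

```python
"""Heuristic triage for lures of the kind described in the post.

Scores a raw RFC 822 message on three independent signals and returns
the reasons, so an analyst can see why a message was held."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed lists for this example; a deployment would source them from policy.
FREE_MAIL_DOMAINS = {"mail.ru", "yandex.ru", "gmail.com", "rambler.ru"}
OFFICIAL_KEYWORDS = ("fsb", "federal security service", "ministry")
DOCUMENT_REQUESTS = ("certified copies", "copies of documents")
ODD_COURTESY = ("grateful in advance",)
LINK_RE = re.compile(r"https?://[^\s<>\"]+", re.IGNORECASE)


def _body_text(msg):
    """Return the text/plain content of a parsed message as a string."""
    if msg.is_multipart():
        parts = [p.get_payload(decode=True) or b""
                 for p in msg.walk() if p.get_content_type() == "text/plain"]
        return b"\n".join(parts).decode("utf-8", "replace")
    return (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")


def triage(raw_message):
    """Score one raw message; returns {"score", "reasons", "verdict"}."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    body = _body_text(msg)
    haystack = " ".join((display_name, msg.get("Subject", ""), body)).lower()
    reasons = []

    # Signal 1: claims an official sender, but the envelope is a free-mail domain.
    if any(k in haystack for k in OFFICIAL_KEYWORDS) and domain in FREE_MAIL_DOMAINS:
        reasons.append(f"official-sounding sender from free mail domain {domain}")

    # Signal 2: asks for document copies and points the reader at a download link.
    links = LINK_RE.findall(body)
    if links and any(k in haystack for k in DOCUMENT_REQUESTS):
        reasons.append(f"document request combined with download link ({len(links)} link(s))")

    # Signal 3: courtesy phrasing that is atypical for an official request.
    if any(k in haystack for k in ODD_COURTESY):
        reasons.append("atypical courtesy phrase for an official request")

    score = len(reasons)
    verdict = "quarantine" if score >= 2 else ("review" if score == 1 else "deliver")
    return {"score": score, "reasons": reasons, "verdict": verdict}


# Constructed sample messages (ASCII only so the stdlib parser decodes them cleanly).
PHISH_SAMPLE = """From: "FSB Office" <fsb.request@mail.ru>
To: office@telecom.example
Subject: Request for certified copies of documents

Please provide certified copies of the requested documents. The form is
available for download here: http://files.example.invalid/form
We are grateful in advance for the urgency in providing information.
"""

BENIGN_SAMPLE = """From: "Alice" <alice@telecom.example>
To: bob@telecom.example
Subject: Lunch

See you at noon.
"""

if __name__ == "__main__":
    for name, sample in (("phish", PHISH_SAMPLE), ("benign", BENIGN_SAMPLE)):
        result = triage(sample)
        print(name, result["verdict"], result["reasons"])
```

Each signal is weak on its own (plenty of legitimate mail contains a link), which is why the verdict needs two of them before quarantining; a single hit goes to analyst review instead, and the `reasons` list is what gets written to the ticket.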