The criminals wanted to introduce a malware, but got confused in the software.
The Scaly Wolf group, known for its attacks on Russian and Belarusian organizations, resumed its activity at the end of March 2024, releasing at least six phishing mailings to industrial and logistics companies, as well as government agencies. However, hackers failed a series of cyber attacks on Russia due to their own mistakes, the company told BI. Zone.
The attackers planned to gain access to corporate data using the White Snake styler, which they used in previous campaigns. This malicious software allows you to collect usernames and passwords stored in the browser, record keystrokes, copy documents from an infected computer, and gain remote access to it.
The group followed the usual pattern, disguising phishing as official emails from federal agencies. Hackers expected the victim to open the archive attached to the email in ZIP format. Previously, Scaly Wolf simply put the styler in the archive, but now the attackers went a more complex and, as it seemed to them, more reliable way — they used a malicious downloader. When opening the archive, it was supposed to be embedded in the Explorer application and install the latest version of White Snake.
However, when implementing an updated malware delivery method to bypass security mechanisms, the attackers made a serious mistake. Instead of VPO, a legitimate file is copied to the system explorer.exe - "Explorer". That is, even in the event of a successful attack, the criminals did not achieve the main goal — they did not gain access to sensitive data and a compromised system.
During the failed campaign, Scaly Wolf used an updated version of the White Snake styler, which appeared on sale on hacker forums only at the end of March. The malware developers announced "spring discounts" - it was possible to purchase access to the program for six months for $ 500 instead of $ 590, for a year - for $ 800 instead of $ 1100, and indefinitely - for $ 1000 instead of $ 1950.
As noted in the company, earlier the creators of White Snake claimed that one of the buyers allegedly managed to circumvent restrictions on the use of the program in Russia and the CIS countries. They announced this in August 2023 after the publication of a company study on the use of a steeler against Russian companies. Most likely, this is how the developers tried to avoid blocking malware on popular hacker resources. The latest version of White Snake does not include a module that blocks the program's operation on the territory of the Russian Federation and CIS countries.
The Scaly Wolf group, known for its attacks on Russian and Belarusian organizations, resumed its activity at the end of March 2024, releasing at least six phishing mailings to industrial and logistics companies, as well as government agencies. However, hackers failed a series of cyber attacks on Russia due to their own mistakes, the company told BI. Zone.
The attackers planned to gain access to corporate data using the White Snake styler, which they used in previous campaigns. This malicious software allows you to collect usernames and passwords stored in the browser, record keystrokes, copy documents from an infected computer, and gain remote access to it.
The group followed the usual pattern, disguising phishing as official emails from federal agencies. Hackers expected the victim to open the archive attached to the email in ZIP format. Previously, Scaly Wolf simply put the styler in the archive, but now the attackers went a more complex and, as it seemed to them, more reliable way — they used a malicious downloader. When opening the archive, it was supposed to be embedded in the Explorer application and install the latest version of White Snake.
However, when implementing an updated malware delivery method to bypass security mechanisms, the attackers made a serious mistake. Instead of VPO, a legitimate file is copied to the system explorer.exe - "Explorer". That is, even in the event of a successful attack, the criminals did not achieve the main goal — they did not gain access to sensitive data and a compromised system.
During the failed campaign, Scaly Wolf used an updated version of the White Snake styler, which appeared on sale on hacker forums only at the end of March. The malware developers announced "spring discounts" - it was possible to purchase access to the program for six months for $ 500 instead of $ 590, for a year - for $ 800 instead of $ 1100, and indefinitely - for $ 1000 instead of $ 1950.
As noted in the company, earlier the creators of White Snake claimed that one of the buyers allegedly managed to circumvent restrictions on the use of the program in Russia and the CIS countries. They announced this in August 2023 after the publication of a company study on the use of a steeler against Russian companies. Most likely, this is how the developers tried to avoid blocking malware on popular hacker resources. The latest version of White Snake does not include a module that blocks the program's operation on the territory of the Russian Federation and CIS countries.
