Sticky Werewolf attacks Russian pharmaceutical companies under the guise of the Ministry of Emergency Situations

Brother

The country's medical sector is being targeted by hackers for the second time in a month.

According to F.A.C.C.T., on December 22 the hacker group Sticky Werewolf made a second attempt to attack a Russian pharmaceutical company.

This time, the attackers sent a phishing email to the target company on behalf of the Ministry of Emergency Situations of the Russian Federation. The letter referred to a new order of the department that had allegedly come into force and asked the recipient to instruct employees on the procedure.

However, a careful analysis of the email revealed inconsistencies: it was sent from a free email service, and the last name in the address did not match the name in the letter's signature.

As part of the attack, the attackers planned to use the Darktrack RAT malware, which allows them to gain remote access to the victim's system.

In early December, the same group attacked a Russian research institute that develops vaccines. That mailing was likewise sent under the name of a ministry, the Ministry of Construction of the Russian Federation.

Sticky Werewolf is known for conducting targeted attacks on government agencies and financial organizations in Russia and Belarus. From April to October 2023, the group conducted at least 30 attacks. As an initial attack vector, Sticky Werewolf uses phishing emails with links to malicious files. Its tools include the remote access Trojans Darktrack RAT and Ozone RAT and the MetaStealer stealer (a variation of RedLine Stealer).
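
The two inconsistencies described in the post (a free email service as the sender, and a last name in the address that does not match the signature) can be checked mechanically on inbound mail. This is an added example, not code from the post or from F.A.C.C.T.; the domain list, the sample messages and the assumption that the last non-empty body line is the signature are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Illustrative list (assumption, not from the report); freemail.example is a placeholder.
FREE_MAIL_DOMAINS = {"gmail.com", "mail.ru", "yandex.ru", "freemail.example"}

def signature_tokens(body):
    """Name tokens (4+ letters) from the last non-empty body line, assumed to be the signature."""
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    last = lines[-1] if lines else ""
    return [t.lower() for t in re.findall(r"[^\W\d_]{4,}", last)]

def check_sender(raw_message):
    """Return findings for the two inconsistencies: free-mail sender, name mismatch."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    findings = []
    if domain in FREE_MAIL_DOMAINS:
        findings.append("free-mail-sender")
    tokens = signature_tokens(msg.get_payload())
    if tokens and not any(t in local for t in tokens):
        findings.append("signature-name-mismatch")
    return findings

# Constructed sample: official-looking notice sent from a free mailbox, signed by someone else.
SAMPLE_SUSPICIOUS = """\
From: "Ministry notice" <petrov.a@freemail.example>
Subject: New order in force

Please brief employees on the procedure described in the order.

A. Sidorov
"""

# Constructed sample: sender address and signature agree, non-free domain.
SAMPLE_CONSISTENT = """\
From: "A. Sidorov" <a.sidorov@agency.example>
Subject: New order in force

Please brief employees on the procedure.

A. Sidorov
"""

if __name__ == "__main__":
    print(check_sender(SAMPLE_SUSPICIOUS))
    print(check_sender(SAMPLE_CONSISTENT))
```

A Cyrillic signature would need transliteration before it can be compared with a Latin-script address, and multipart messages need their text part extracted first.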