BI.ZONE Threat Intelligence uncovered two sophisticated cyber-espionage campaigns by Silent Werewolf targeting Russian and Moldovan organizations with advanced obfuscated loaders and multi-stage infection chains. The campaigns primarily used phishing emails featuring malicious attachments and URLs, leveraging legitimate tools and obfuscation techniques to evade detection. #SilentWerewolf #Aion #RussianOrganizations #MoldovanOrganizations
Key points
- Silent Werewolf launched two targeted campaigns in March 2025 aimed at Russian and Moldovan organizations.
- The attacks used custom obfuscated loaders disguised as legitimate documents and software.
- Phishing emails contained ZIP archives with malicious LNK files, decoy PDFs, and signed Microsoft executables.
- The infection chain involved multi-stage unpacking, encrypted payloads, and evasion tactics like environment checks.
- Legitimate tools, obfuscation, and user-agent spoofing were extensively used to delay detection and analysis.
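For the attachment layout described in the key points (a ZIP carrying an LNK file, a decoy PDF, and an executable), here is a mail-gateway triage check, added as an example and not taken from the BI.ZONE report. It reads only member names from the archive and does not verify signatures; the extension groups, function names, and sample file names are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extension groups are assumptions for this example, not indicators from the report.
SHORTCUT = {".lnk"}
DECOY = {".pdf"}
BINARY = {".exe"}


def triage_zip(data: bytes) -> dict:
    """Classify archive members by extension without extracting anything."""
    found = {"shortcut": [], "decoy": [], "binary": [], "double_ext": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename.replace("\\", "/"))
            suffixes = [s.lower() for s in path.suffixes]
            if not suffixes:
                continue
            last = suffixes[-1]
            if last in SHORTCUT:
                found["shortcut"].append(info.filename)
                # A name such as "report.pdf.lnk" is a shortcut dressed up as a document.
                if len(suffixes) > 1 and suffixes[-2] in DECOY:
                    found["double_ext"].append(info.filename)
            elif last in DECOY:
                found["decoy"].append(info.filename)
            elif last in BINARY:
                found["binary"].append(info.filename)
    # Flag a shortcut that ships alongside a decoy document or an executable.
    companions = found["decoy"] or found["binary"] or found["double_ext"]
    found["flag"] = bool(found["shortcut"]) and bool(companions)
    return found


def build_sample(names) -> bytes:
    """Build a constructed in-memory ZIP with placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample names, not file names from the campaign.
    print(triage_zip(build_sample(["docs/invoice.pdf.lnk", "docs/invoice.pdf", "docs/helper.exe"])))
```

A flagged archive is a candidate for quarantine and manual review, not a verdict; legitimate archives occasionally contain shortcuts as well.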