A sophisticated cyberattack by the group Cavalry Werewolf targeted a Russian government organization, using phishing emails and multiple malware variants to steal data and perform network reconnaissance. The campaign highlights the threat posed by advanced persistent threat actors employing open-source tools and covert tactics. #CavalryWerewolf #BackDoorShellNET #TrojanFileSpyNET #ReverseSocks5
Key points
- The attack began with phishing emails containing malicious, disguised attachments.
- Malware such as BackDoor.ShellNET.1 and Trojan.FileSpyNET was used to gain access and exfiltrate data.
- Attackers employed various backdoors and script-based malware to maintain control and persistence.
- They tampered with legitimate software binaries and conducted network reconnaissance using Windows utilities.
- Defense strategies should include robust email filtering, endpoint detection, and network segmentation.
Read More: https://gbhackers.com/cavalry-werewolf/