Hackers posing as Kyrgyz officials target Russian agencies in cyber espionage campaign

A cyber espionage campaign by the group Cavalry Werewolf targeted Russian government and industrial entities using phishing emails disguised as Kyrgyz government correspondence. The hackers deployed malware such as FoalShell and StallionRAT, and are possibly expanding their reach to Tajikistan and the Middle East. #CavalryWerewolf #FoalShell #StallionRAT #YoroTrooper #Kazakhstan

Key points

  • The group used spear-phishing emails impersonating Kyrgyz government agencies to infect targets.
  • Malware included FoalShell for remote access and StallionRAT for command-and-control via Telegram.
  • Recent activities suggest the group is expanding its targeting to new geographic regions like Tajikistan and the Middle East.
  • Researchers do not attribute the group to a specific nation-state but note possible Kazakh links.
  • The campaign has been active since June 2022 and previously targeted various international organizations and embassies.

Read More: https://therecord.media/hackers-pose-kyrgyz-officials-russia-cyber-espionage