New “Cavalry Werewolf” Attack Hits Russian Agencies with FoalShell and StallionRAT

A threat actor linked to groups like YoroTrooper and Tomiris is targeting Russian and Central Asian entities with malware such as FoalShell and StallionRAT. This group, known as Cavalry Werewolf, uses sophisticated phishing campaigns and remote access tools to infiltrate government and industrial organizations. #YoroTrooper #Tomiris #FoalShell #StallionRAT

Key Points

  • The threat actor targets Russian public sector and energy industries using spear-phishing campaigns.
  • Cavalry Werewolf is suspected to have Kazakhstan affiliations, linking it to the Storm-0473 actor.
  • The malware includes FoalShell and StallionRAT, which allow remote command execution and data exfiltration.
  • The group is expanding its toolkit, using multiple languages and broader targeting scope.
  • Recent attacks have compromised hundreds of companies across Russia, mainly in finance, commerce, and education sectors.

Read More: https://thehackernews.com/2025/10/new-cavalry-werewolf-attack-hits.html