Hackers attacked Russian MIC and stole valuable files: saw a leak not immediately

The Mysterious Werewolf group masked the harmful software under legitimate services, so the victims did not immediately realize that they had been attacked. The Mysterious Werewolf Hacker Group, which has been operating since 2023, began to use its own programs for attacks on the Russian military-industrial complex (MIC). This was found out by the Russian digital risk management company Bi. zone, Gaming Deputy reports. According to Oleg Skulkin of Bi.

zone, the Mysterious Werwolf group has managed to integrate legal services into its harmful program. This, in his opinion, complicated the detection of attack - for a long time no one suspected that the systems of Russian companies were compromised. Some time ago, it became known that Mysterious Werewolf attacked several Russian semiconductors. And recently it was possible to find out that hackers from this group are involved in the attack on Russian manufacturers who work in the field of MIC.

The malefactors issued themselves for the Ministry of Industry and Trade of the Russian Federation, sending phishing letters containing the archive Pismo_izweshcanie_2023_10_16. Rar, which operated the vulnerability of CV-2023-38831 in Winrar, discovered last year. The archive contained a PDF document as well as a folder with a harmful CMD file. After opening the archive and clicking on the document, the expression launched a CMD file. Accordingly, WinRar. exe launched cmd.

exe to activate the malicious CMD file, which then performed the Powershell script. According to the researchers in the field of cybersecurity, the script performed the following actions: an interesting feature of the attack was that the hackers of mysterious werwolf not only used a cross -frame frameworked to work together with a sketchy, which allows to perform a variety Download files, execute commands and scripts, scan network, etc. They combined a framework with their own harmful software.