Threat intelligence analysts have now reported a build-up in the activity of the Paper Werewolf group, also known as Goffee, which has at least seven observed campaigns to its credit since 2022 and uses Microsoft Windows Word document compromise attacks.
BI.ZONE’s threat intelligence team, which works in cooperation with Interpol and is a member of the International Committee of the Red Cross Global Advisory Board, said in a Dec. 25 technical report that it had detected a build-up in Paper Werewolf attack activity. The attacks primarily target Russian government, energy, finance and media organizations, among others. During 2024, analysts said, espionage accounted for 21% of attacks against Russian companies, up from 15% last year. However, the Paper Werewolf attackers now seem content to “ruin the operation of the targeted infrastructure just out of spite,” once the initial credential compromise and resulting espionage goals are achieved.
“In addition to infiltrating the victim’s IT infrastructure to collect knowledge,” said Oleg Skulkin, chief of BI.ZONE threat intelligence, “the adversaries also interrupted some operations in the compromised system.” They did so by changing employees’ passwords, a common tactic for “financially motivated actors when it is not easy to obtain a ransom to restore access to corporate assets, as well as for hacktivists who must attract as much public attention as possible,” Skulkin said.
Like so many other attack campaigns, Paper Werewolf uses phishing and brand impersonation emails to distribute its malicious payload. These messages carry an encrypted Microsoft Word document that prompts the recipient to enable macros (yes, I know) in order to read it. If they do, the contents of the document are decrypted and the malicious program is installed on the victim’s device. Threat intelligence analysts said that in some cases they observed the use of PowerRAT, a remote access Trojan that allows attackers to execute commands and conduct reconnaissance. The attackers also used a tool to retrieve credentials when the user authenticates to the Outlook web service. “By using their own tools,” the report says, “attackers make it harder for corporations to find malware.”
If there’s a silver bullet to mitigate this Windows Paper Werewolf attack, it’s in the basics of phishing awareness: don’t open unsolicited documents, don’t allow macros, and use threat intelligence to better understand how threat actors are constantly evolving their strategies to target infrastructure. I would also highly recommend that all readers read this interesting discussion on what we need to replace if we ever want to end the threat of email phishing. I reached out to Microsoft for a statement.
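One way to enforce the "don't allow macros" advice before a document reaches a user is to triage Word attachments for VBA content at the mail gateway. The following is an added example, not code from the BI.ZONE report or the original article; the function names and verdict labels are hypothetical, and the sample files are constructed inline.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc / compound file container
MACRO_CT = "application/vnd.ms-office.vbaProject"  # content type of a VBA part
MACRO_MAIN_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"

def triage_word_attachment(data: bytes) -> str:
    """Return 'macro', 'needs-review', 'no-macro' or 'not-word' for raw attachment bytes."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary or password-protected files: macros cannot be ruled out here.
        return "needs-review"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-word"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names or not any(n.startswith("word/") for n in names):
            return "not-word"
        content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        # Check part names and declared types, so a .docm renamed to .docx is still caught.
        has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
        declares_macro = MACRO_CT in content_types or MACRO_MAIN_CT in content_types
        return "macro" if has_vba_part or declares_macro else "no-macro"

def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped zip, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ct = '<Types><Default Extension="xml" ContentType="application/xml"/>'
        if with_macro:
            ct += f'<Default Extension="bin" ContentType="{MACRO_CT}"/>'
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, not real VBA")
        zf.writestr("[Content_Types].xml", ct + "</Types>")
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()

if __name__ == "__main__":
    samples = [("macro sample", build_sample(True)),
               ("clean sample", build_sample(False)),
               ("legacy sample", OLE_MAGIC + b"\x00" * 16)]
    for label, blob in samples:
        print(label, "->", triage_word_attachment(blob))
```

A "needs-review" verdict is deliberate: compound-file containers need a dedicated parser before macros can be ruled out, so they should be quarantined or inspected rather than passed.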