Criminals targeted industrial and logistics enterprises of the Russian Federation.
BI. ZONE told about the activities of the new cybercrime group Scaly Wolf. According to experts, the group has been active since the beginning of summer 2023 and has initiated at least 10 campaigns. Criminals hunted for corporate data, mainly choosing industrial and logistics companies from Russia as targets. The last attack was initiated in January 2024.
To distribute malware, attackers send phishing emails disguised as government documents. Among them are requests and demands from Roskomnadzor, the Investigative Committee of the Russian Federation and the Military Prosecutor's Office of the Russian Federation, as well as court orders and other regulatory requirements.
According to experts, a distinctive feature of Scaly Wolf is a high level of legal literacy, with which letters and forged documents were compiled. In all cases, the message text looks extremely convincing and inspires confidence among users. This encourages the victim to follow the instructions from the email and the file from the attached archive, which supposedly contains documents. In fact, there was a White Snake steeler. It allows you to gain unauthorized access to corporate email, CRM systems, and other resources.
White Snake collects authentication data, including usernames and passwords stored in the browser, records keystrokes, copies files from the infected computer, and provides remote access to it. The program is integrated with a bot in Telegram, where attackers receive alerts about new infected devices.
Despite the fact that the developers of White Snake banned its use in Russia and the CIS, Scaly Wolf found a loophole-disabled the function that stopped the program when it detected a Russian or CIS IP address.
According to BI.ZONE, White Snake attracted criminals with its low rental price ($140 per month of rent), ease of use and wide functionality, including the ability to steal data from crypto wallets.
The most likely motives of Scaly Wolf are to get a ransom for stolen data or resell it on the black market. Judging by the continuous activity, the group's attacks on Russian companies will most likely continue according to the same pattern with phishing and the use of White Snake.
BI. ZONE told about the activities of the new cybercrime group Scaly Wolf. According to experts, the group has been active since the beginning of summer 2023 and has initiated at least 10 campaigns. Criminals hunted for corporate data, mainly choosing industrial and logistics companies from Russia as targets. The last attack was initiated in January 2024.
To distribute malware, attackers send phishing emails disguised as government documents. Among them are requests and demands from Roskomnadzor, the Investigative Committee of the Russian Federation and the Military Prosecutor's Office of the Russian Federation, as well as court orders and other regulatory requirements.
According to experts, a distinctive feature of Scaly Wolf is a high level of legal literacy, with which letters and forged documents were compiled. In all cases, the message text looks extremely convincing and inspires confidence among users. This encourages the victim to follow the instructions from the email and the file from the attached archive, which supposedly contains documents. In fact, there was a White Snake steeler. It allows you to gain unauthorized access to corporate email, CRM systems, and other resources.
White Snake collects authentication data, including usernames and passwords stored in the browser, records keystrokes, copies files from the infected computer, and provides remote access to it. The program is integrated with a bot in Telegram, where attackers receive alerts about new infected devices.
Despite the fact that the developers of White Snake banned its use in Russia and the CIS, Scaly Wolf found a loophole-disabled the function that stopped the program when it detected a Russian or CIS IP address.
According to BI.ZONE, White Snake attracted criminals with its low rental price ($140 per month of rent), ease of use and wide functionality, including the ability to steal data from crypto wallets.
The most likely motives of Scaly Wolf are to get a ransom for stolen data or resell it on the black market. Judging by the continuous activity, the group's attacks on Russian companies will most likely continue according to the same pattern with phishing and the use of White Snake.
