Cavalry Werewolf Targets Public Sector with Malware

A threat actor tracked as Cavalry Werewolf is actively targeting public sector agencies and enterprises in the energy and manufacturing sectors. The group initiates attacks using targeted phishing emails that impersonate government officials to deliver malicious archives. These archives contain custom malware families such as FoalShell and StallionRAT, which provide attackers with remote access and command execution capabilities. StallionRAT notably uses a Telegram bot for its command-and-control infrastructure, allowing operators to exfiltrate data and upload additional tools. Evidence suggests the group is expanding its operations, with artifacts indicating a broader geographic focus.

Latest mentioned: 10-03

Earliest mentioned: 10-03

Sources

securityonline.info thehackernews.com

Also Read

WhatsApp Malware Spreads Rapidly on Windows Systems

A new self-propagating malware, codenamed SORVEPOTEL, is targeting users through the popular messaging app WhatsApp. The campaign spreads via phishing messages containing malicious ZIP files, primarily affecting Windows systems in a specific country. Engineered for rapid propagation rather than data theft, the malware hijacks the desktop version of WhatsApp to spam all of the user's contacts and groups. This automated spreading often results in the compromised account being banned for violating the platform's terms of service. The attack begins with a message from an already compromised contact, lending it credibility to trick users into opening the malicious attachment.

10-03Read more →