Threat Actor targets Russia’s Aviation Sector.

June 7, 2024

A threat actor known as “Sticky Werewolf” is using layered infection chains to compromise organizations involved with Russia’s aviation industry. The group has been around since at least April 2023, and seems to be interested in espionage relating to the conflict between Russia and Ukraine.

The group was targeting public organizations in Russia and Belarus, but recent targets have included a pharmaceutical company and a Russian research institute involved in microbiology and vaccine development. In prior campaigns, Sticky Werewolf phishing emails included links to download malicious files. Now, its infections are notably more complex. The final payload will be some sort of commercial remote access Trojan (RAT).


Belarus Rail Network disrupted by Hacktivist Group

January 24, 2022

Second reported attack on Belarus Rail, this time with OT consequences. Hacktivist group “Cyber Partisans” disrupted routing and switching by hacking into computers controlling the rail network, halting trains in Minsk, Orsha and Osipovichi. They did this to slow the movement of troops transiting from Russia through Belarus into Ukraine to support the Russian invasion, which began 4 days prior.

Impact: Rail routing and switchgear disabled, trains in Minsk, Orsha, and Osipovichi stopped.
