Red Wolf is back to spy on commercial firms
As in its earlier attacks, the group remains focused on stealing sensitive data from commercial organizations.
Since 2018 Red Wolf has been engaged in corporate espionage in Russia, Canada, Germany, Norway, Ukraine, and the United Kingdom.
To penetrate organizations, the attackers sent out phishing emails. In the series of attacks revealed by BI.ZONE, the hackers used disk images to deliver malware to the target systems. The intrusion had several stages and hence was difficult to detect with conventional security tools. Upon gaining a foothold in a victim’s system, Red Wolf sent data about the compromised environment to the command-and-control server and delivered additional malware.
To reduce the risk of such attacks, it is necessary to improve email security, as vulnerable email is the channel most often abused by threat actors similar to Red Wolf. It is important for a company to have the capacity to stop a cyberattack at any stage of its development. Thus, we recommend delegating the detection, response, and prevention of cyber threats to security event monitoring experts.