
Never play squid game with werewolves
Phishing emails disguised as notifications from regulators or other agencies are commonly employed by espionage clusters targeting public and research organizations. However, the Squid Werewolf cyber spies took an unconventional approach by impersonating HR managers from a major legitimate employer.
Squid Werewolf is an espionage cluster attacking organizations in India, Japan, Russia, South Korea, Vietnam, the UAE, the US, and other countries. In late 2024, the threat actor attempted to infiltrate a Russian company. Believing they could steal valuable information from an employee’s computer, the attackers sent a phishing email masquerading as a legitimate job opportunity from an industrial organization.
The attackers sent phishing emails containing a ZIP archive with an LNK file, Предложение о работе.pdf.lnk (job offer). They aimed to lure victims into opening the attachment and running the malware, thereby gaining access to sensitive data.
Notably, adversaries are increasingly moving away from Microsoft Word and Excel documents, as Microsoft sometimes blocks macro execution in files downloaded from the Internet. As a result, they are shifting focus to archives containing executables, scripts, or shortcuts.
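An added example, not part of the original article: a triage check that a mail gateway or analyst could run on a ZIP attachment to flag shortcut, script, or executable entries, including double-extension names like the .pdf.lnk lure described above. The extension lists and function names are assumptions chosen for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed policy lists (not from the article): entry types that should not
# arrive inside an emailed archive, and document extensions used as decoys.
RISKY_EXT = {".lnk", ".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".jse",
             ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".msi"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt", ".jpg", ".png"}


def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per archive entry that is a shortcut, script or executable."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"name": None, "reason": "unreadable-archive"}]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Explorer never shows the final ".lnk", so "name.pdf.lnk" displays as "name.pdf".
            suffixes = [s.lower() for s in PurePosixPath(info.filename.rstrip(". ")).suffixes]
            if not suffixes or suffixes[-1] not in RISKY_EXT:
                continue
            masquerade = len(suffixes) >= 2 and suffixes[-2] in DECOY_EXT
            findings.append({
                "name": info.filename,
                "reason": "double-extension" if masquerade else "risky-type",
                "encrypted": bool(info.flag_bits & 0x1),  # password-protected entry
            })
    return findings


def build_sample() -> bytes:
    """Constructed test archive; contents are placeholder bytes, not real files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Предложение о работе.pdf.lnk", b"placeholder")
        z.writestr("docs/readme.txt", b"placeholder")
        z.writestr("setup.js", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_zip(build_sample()):
        print(f)
```

The check works on names only, so it complements rather than replaces content inspection of the archive entries.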
In 2024, 57% of targeted attacks on Russian companies began with phishing emails. These risks can be mitigated with email protection solutions like BI.ZONE CESP. The service features a high‑performance engine of our own design and incorporates various methods of email traffic analysis.
Data feeds from such portals as BI.ZONE Threat Intelligence can help you keep track of attacks and build an effective cybersecurity strategy. The solution offers, among other things, insights into threat actors’ methods and tools, as well as information from underground resources. This data ensures the precision of your security solutions, which in turn accelerates incident response and protects your company from the most critical threats.