Using FoalShell and StallionRAT, a New “Cavalry Werewolf” Attack Targets Russian Agencies


A threat actor observed sharing similarities with the hacking collective YoroTrooper has been using malware families such as FoalShell and StallionRAT to attack the Russian public sector.

Cybersecurity vendor BI.ZONE tracks the activity under the name Cavalry Werewolf. It is also assessed to share similarities with groups tracked as Tomiris, Comrade Saiga, Silent Lynx, SturgeonPhisher and ShadowSilk.

“To gain initial access, the attackers sent targeted phishing emails disguised as official correspondence from Kyrgyz government officials,” BI.ZONE said. “The main targets of the attacks were Russian state agencies, as well as energy, mining and manufacturing institutions.”

In August 2025, Group-IB revealed that ShadowSilk had launched operations against government organizations in Asia and Asia-Pacific (APAC) using remote access trojans and reverse proxy tools that were originally built in Python and subsequently ported to PowerShell.

Cavalry Werewolf’s connections with Tomiris are notable, partly because they support the theory that it is a threat actor with ties to Kazakhstan. In a report published at the end of last year, Microsoft linked Tomiris to a Kazakhstan-based threat actor it identified as Storm-0473.

The latest phishing campaigns, which were discovered between May and August 2025, use fake email addresses posing as Kyrgyz government officials to distribute RAR archives that contain FoalShell or StallionRAT.

According to reports, in at least one case the threat actor sent the messages by compromising a valid email account linked to the regulatory authority of the Kyrgyz Republic. FoalShell, which exists in Go, C++ and C# versions, is a lightweight reverse shell that lets operators run arbitrary commands through cmd.exe.


The same goes for StallionRAT, which is written in Go, PowerShell and Python and lets attackers load additional files, run arbitrary commands, and exfiltrate collected data using a Telegram bot. Here are some of the commands supported by the bot:

  • /List, to receive a list of the compromised hosts (DeviceID and computer name) connected to the command-and-control (C2) server.
  • /Go (DeviceID), to execute the specified command using Invoke-Expression.
  • /Download (DeviceID), to download a file onto the victim device.
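
A defender can hunt for this pattern by correlating which process talks to the Telegram Bot API host (`api.telegram.org`) with what that process then executes. The sketch below is an added example, not code from BI.ZONE or from the malware; the event field names, hosts, paths and the allow-list are constructed assumptions.

```python
import ntpath

TELEGRAM_API = "api.telegram.org"   # Telegram Bot API host
APPROVED = {"telegram.exe"}         # assumption: only the desktop client is allowed to reach it
SHELLS = {"cmd.exe", "powershell.exe"}

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
DROP = r"C:\Users\b\AppData\Local\Temp\report.exe"   # hypothetical dropped binary

# Constructed telemetry (hypothetical schema): network, process-creation and
# PowerShell script-block events normalised into dictionaries.
EVENTS = [
    {"host": "ws-014", "kind": "net", "dest": TELEGRAM_API,
     "image": r"C:\Users\a\AppData\Roaming\Telegram Desktop\Telegram.exe"},
    {"host": "ws-022", "kind": "net", "dest": TELEGRAM_API, "image": DROP},
    {"host": "ws-022", "kind": "proc", "parent": DROP,
     "image": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws-031", "kind": "net", "dest": TELEGRAM_API, "image": PS},
    {"host": "ws-031", "kind": "script", "image": PS,
     "text": "Invoke-Expression $update.message.text"},
    {"host": "ws-040", "kind": "script", "image": PS,   # benign IEX, no bot traffic
     "text": "Invoke-Expression (Get-Content profile.ps1 -Raw)"},
]

def base(path):
    """Lower-cased file name of a Windows path, on any OS."""
    return ntpath.basename(path).lower()

def detect(events):
    """Return {host: sorted findings} for hosts with unexpected Bot API clients."""
    talkers, findings = set(), {}
    for e in events:  # pass 1: who reaches the Bot API outside the allow-list?
        if (e["kind"] == "net" and e["dest"].lower() == TELEGRAM_API
                and base(e["image"]) not in APPROVED):
            talkers.add((e["host"], e["image"].lower()))
            findings.setdefault(e["host"], set()).add("bot-api-from-" + base(e["image"]))
    for e in events:  # pass 2: what did those same processes execute?
        if (e["kind"] == "proc" and (e["host"], e["parent"].lower()) in talkers
                and base(e["image"]) in SHELLS):
            findings[e["host"]].add("shell-child-of-bot-client")
        if (e["kind"] == "script" and (e["host"], e["image"].lower()) in talkers
                and "invoke-expression" in e["text"].lower()):
            findings[e["host"]].add("iex-in-bot-client")
    return {h: sorted(f) for h, f in findings.items()}

if __name__ == "__main__":
    for host, hits in detect(EVENTS).items():
        print(host, hits)
```

Two passes keep the correlation independent of event order; the approved desktop client and a host that merely uses Invoke-Expression without Bot API traffic are not flagged.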

Tools such as ReverseSocks5Agent and ReverseSocks5 are also run on the compromised hosts, along with commands to collect device information.

According to the Russian cybersecurity vendor, it also discovered many file names in Arabic and English, indicating that Cavalry Werewolf’s targeting may be broader than previously believed.

“Cavalry Werewolf is actively experimenting with expanding its arsenal,” BI.ZONE stated. “This highlights the importance of rapid insight into the tools that the cluster uses; otherwise, it will be impossible to maintain up-to-date measures to prevent and detect such attacks.”


At least 500 Russian companies were compromised, the majority of them in the finance, entertainment, education and commerce sectors, according to the company’s analysis of posts made on Telegram channels or underground forums over the past year by hacktivists and financially motivated attackers.

“In 86% of cases, attackers published data stolen from compromised public-facing web applications,” the company said. “After gaining access to the public-facing web application, the attackers installed gs-netcat on the compromised server to ensure persistent access. The attackers sometimes loaded additional web shells. In addition, they extracted data from databases using legitimate tools such as Adminer, phpMiniAdmin, and mysqldump.”

About the author:

Yogash Naager is a content specialist in cybersecurity and the B2B space. Besides writing for News4Hackers blogs, Naager also writes for brands including Craw Security, Bytecode Security and Nasscom.
