216.73.217.64

Massive offensive launched on Russian businesses

· Published 09/07/2026 14:53

Export JSON

Essential information

Published
09/07/2026 14:53
Modified
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
belarus chemical industry lnk file netsupport manager phishing campaign powershell loader russian targets url shortener
Related entities
58 indicators, 18 observables, 1 intrusion sets (apt), 17 techniques (mitre), 1 malware

Description

In May and June 2026, the Clubfoot Wolf cluster executed a large-scale targeting Russian organizations across manufacturing, retail, e-commerce, agriculture, IT, transportation, healthcare, and science sectors, with primary focus on wholesale distributors of chemical products. Several Belarusian organizations were also compromised. The adversary sent phishing emails disguised as invoices or purchase requests, containing ZIP archives with decoy documents and malicious LNK files. Upon execution, a PowerShell script downloaded and installed , a legitimate remote administration tool, which was then used for malicious activities. The attackers employed URL shorteners to hide infrastructure and used multiple decoy files to build victim trust. The campaign demonstrated continuous evolution in delivery methods and infection chains.

External references