Cavalry Werewolf hacker group attacks Russian state institutions
Essential information
- Published: 07/11/2025 09:07
- Modified: 07/11/2025 10:05
- Tags: 2025-11-07, backdoor.reverseproxy.1, backdoor.reverseshell.10, backdoor.rshell.169, backdoor.shellnet.1, backdoor.shellnet.2, backdoor.siggen2.5463, backdoor.tunnel.41, backdoors, bat.downloader.1138, data theft, network infiltration, open-source tools, phishing, reverse shell, russian government, telegram api, trojan.filespynet.5, trojan.inject5.57968, trojan.packed2.49708, trojan.packed2.49862, trojan.siggen31.54011
- Related entities: 27 observables, 1 intrusion set (APT), 13 malware, 2 others
Description
A Russian government organization was targeted by the Cavalry Werewolf hacker group, whose aim was to collect confidential information and data about the victim's network. The attack began with phishing emails carrying malware disguised as documents. The group used a range of tools, including backdoors, trojans, and modified legitimate programs, and relied on open-source software, reverse-shell backdoors, and the Telegram API for command and control. Once inside, the attackers focused on gathering information, enumerating the network configuration, and establishing persistence on compromised systems. Their tactics included living off the land with Windows built-in tools, modifying the registry, and staging malware in publicly accessible directories. The group's sophisticated approach and diverse toolset highlight the evolving threat landscape for government institutions.