
APT carries out attacks with data theft and crypto miner deployment

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

Librarian Ghouls, an APT group targeting entities in Russia and the CIS, has been conducting a campaign involving targeted phishing emails with malicious archives. The attackers use legitimate third-party software and scripts to establish remote access, steal credentials, and deploy an XMRig crypto miner. Their tactics include disabling security measures, scheduling tasks to cover their tracks, and exfiltrating sensitive data. The campaign primarily affects industrial enterprises and engineering schools in Russia, with some victims in Belarus and Kazakhstan. The group continues to refine its methods, focusing on data exfiltration, remote access, and email account compromise through phishing sites.

OPENCTI LABELS:

apt, phishing, russia, xmrig, data theft, crypto mining, legitimate tools, cis, industrial targets

