Sapphire Werewolf refines Amethyst stealer to attack energy companies
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
The Sapphire Werewolf cluster has upgraded its toolkit with a new version of the Amethyst stealer, targeting energy companies through phishing emails. The enhanced malware features advanced checks for virtualized environments and uses Triple DES for string encryption. The attack involves distributing a malicious attachment disguised as an official memo, which contains a C#-based loader protected with .NET Reactor. The Amethyst stealer collects extensive system data, credentials from various applications, and documents from compromised systems. The threat actor's sophisticated approach includes improved evasion techniques and data exfiltration methods, posing a significant risk to targeted organizations.
OPENCTI LABELS :
phishing,credential theft,amethyst stealer,virtualization detection