‘Librarian Ghouls’ cyberattackers strike at night


By Jai Vijayan

A newly uncovered cyber campaign by an advanced persistent threat (APT) group known as “Librarian Ghouls” is targeting organizations in Russia with stealthy nighttime attacks to steal sensitive data and deploy cryptocurrency miners on victim systems.

According to Kaspersky researchers tracking the campaign, the initial infection vector involves targeted phishing emails carrying password-protected archive files that contain executable payloads.

The emails look like legitimate communications from trusted organizations, with the attachments disguised as official documents, such as a payment order PDF. The infection chain begins when the recipient opens the archive file, using a password typically included in the email itself, and then extracts and runs the enclosed files. The payload can automatically wake the victim’s system from sleep mode at 1 a.m. local time and give the attackers remote access to it for a four-hour period before it goes silent at 5 a.m.

Read more at Dark Reading
