Librarian Ghouls
0 incidentes
0 paises
0 sectores
apt RU Ultimo: -
Aliases: rare werewolf
Librarian Ghouls, also known as Rare Werewolf or Rezet, emerged around 2019 as an advanced persistent threat group primarily focused on credential theft, remote access, and cryptojacking. The group is assessed with high confidence to be of Russian origin, indicated by its consistent targeting of entities within Russia and the Commonwealth of Independent States, and the use of Russian-language phishing materials. A distinguishing characteristic of Librarian Ghouls is its primary reliance on legitimate third-party software and PowerShell scripts for malicious operations, a technique that allows them to maintain a lower profile and evade detection compared to groups employing custom malware. They are known for conducting stealthy nighttime operations, often between 1 AM and 5 AM, to avoid discovery during periods of low activity.
Paises objetivo (SOCRadar)
Belarus
KazakhstanMongolia
Russian Federation
Ukraine
Sectores objetivo (SOCRadar)
Software PublishersEnterprises & HoldingManufacturingElectrical Equipment, Appliance, and Component ManufacturingPublic AdministrationOil & GasEducational ServicesSpace & DefenseEnergy & Utilities Aircraft Manufacturing