Active since 2023, the Mysterious Werewolf cluster has shifted its targets to the military-industrial complex (MIC), using phishing emails that carry a weaponized archive. The archive contains a seemingly legitimate PDF document alongside a malicious CMD file; when the victim opens the archive and double-clicks the PDF, the CMD file executes and deploys the RingSpy backdoor onto the compromised system. RingSpy replaces the Athena agent of the Mythic framework, which Mysterious Werewolf used in earlier campaigns. The malicious archives exploit the CVE-2023-38831 vulnerability in WinRAR to achieve code execution.
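The archive layout described above (a decoy document whose double-click runs a script) can be screened for at the mail gateway or sandbox before a user ever opens it. The following is an added detection example, not code from the original report or from any vendor named on the page. It assumes the publicly documented CVE-2023-38831 archive structure, in which the archive holds a top-level decoy file and a directory whose name matches the decoy except for trailing whitespace, and that directory holds the executable payload; it also flags the looser "document extension followed by a script extension" pattern. The sample listing is constructed for the example.

```python
import zipfile

# Decoy document types attackers typically pair with a script, and the script
# or executable types worth flagging (the campaign above used a .cmd file).
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt", ".jpg", ".png"}
EXEC_EXTS = {".cmd", ".bat", ".exe", ".vbs", ".js", ".ps1", ".scr", ".lnk", ".hta"}


def _ext(name: str) -> str:
    """Lower-cased extension of the last path component, '' if it has none."""
    leaf = name.rsplit("/", 1)[-1]
    return ("." + leaf.rsplit(".", 1)[-1].lower()) if "." in leaf else ""


def find_suspicious_entries(names):
    """Flag archive entries matching the CVE-2023-38831 decoy/payload layout.

    Indicator 1 (decoy-directory pairing): a top-level document plus a directory
    whose name equals the document name once trailing spaces are removed, and
    which contains an executable or script.
    Indicator 2 (document double extension): any executable whose stem still
    ends in a document extension, e.g. 'invoice.pdf .cmd' or 'invoice.pdf.cmd'.

    Returns a list of (reason, decoy_name_or_None, payload_entry) tuples.
    """
    files = [n for n in names if not n.endswith("/")]  # skip explicit dir entries
    top_level_docs = {n for n in files if "/" not in n and _ext(n) in DOC_EXTS}
    findings = []
    for entry in files:
        if _ext(entry) not in EXEC_EXTS:
            continue
        parent, _, leaf = entry.rpartition("/")
        # Directory 'report.pdf ' (trailing space) pairs with decoy 'report.pdf'.
        decoy = parent.rstrip() if parent.rstrip() in top_level_docs else None
        # Stem of the payload name with trailing spaces removed: 'report.pdf '.
        stem = leaf.rsplit(".", 1)[0].rstrip()
        if decoy is not None:
            findings.append(("decoy-directory pairing", decoy, entry))
        elif _ext(stem) in DOC_EXTS:
            findings.append(("document double extension", None, entry))
    return findings


def scan_zip(path: str):
    """Run the heuristic over the entry names of a ZIP file on disk."""
    with zipfile.ZipFile(path) as zf:
        return find_suspicious_entries(zf.namelist())


# Constructed sample listing: one malicious pairing, plus benign entries that a
# naive "any .cmd in the archive" rule would wrongly flag.
SAMPLE_LISTING = [
    "report.pdf",                      # decoy the victim double-clicks
    "report.pdf /report.pdf .cmd",     # payload inside the look-alike directory
    "notes.txt",
    "tools/cleanup.cmd",               # ordinary script, not paired with a decoy
]


if __name__ == "__main__":
    for reason, decoy, payload in find_suspicious_entries(SAMPLE_LISTING):
        print(f"{reason}: decoy={decoy!r} payload={payload!r}")
```

Used on the constructed listing, the scanner reports only the paired entry and leaves `tools/cleanup.cmd` alone; for RAR files the same function works on whatever listing the unpacker library in use returns, since it only inspects names. The trailing-space directory match is the strongest signal and is cheap to apply to every inbound archive.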
Source: GBHackers