According to F.A.C.T., on December 22 the hacker group Sticky Werewolf made a second attempt to attack a Russian pharmaceutical company.
This time, the attackers sent a phishing letter to the target company on behalf of the Ministry of Emergency Situations of the Russian Federation. The letter claimed that a new order of the department had entered into force and asked the company to instruct employees on the procedure to follow.
However, a careful analysis of the letter revealed inconsistencies: it was sent from a free mail service, and the surname in the sender address did not match the signature of the document's executor.
In this attack, the attackers planned to use the malicious program Darktrack RAT, which provides remote access to the victim's system.
In early December, the same group attacked a Russian research institute engaged in vaccine development. That mailing was likewise sent on behalf of a government ministry, in that case the Ministry of Construction of the Russian Federation.
Sticky Werewolf is known for targeted attacks on state institutions and financial organizations in Russia and Belarus. From April to October 2023, the group conducted at least 30 attacks. As its initial attack vector, Sticky Werewolf uses phishing e-mails with links to malicious files. Its tools include the remote access trojans Darktrack RAT and Ozone RAT, as well as the MetaStealer stealer (a variation of RedLine Stealer).