Core Werewolf hones its arsenal against Russia’s government organizations

Description

BI.ZONE Threat Intelligence continues monitoring a threat actor called Core Werewolf, which has targeted Russia's defense industry and critical infrastructure since 2021. In its recent campaigns, the adversary employed a new loader written in AutoIt and started delivering malicious files via Telegram messenger, in addition to email. The report highlights that threat actors experiment with various malware delivery methods and update their tools to evade detection. AutoIt remains a popular language for developing malware.