Hundreds of thousands of rubles for your secrets: cyber spies disguise themselves as recruiters

March 12, 2025, 11:55 a.m.

Description

Cybercriminals impersonating a real company are sending fake job descriptions to employees of targeted organizations. The attackers, known as Squid Werewolf, are offering substantial sums of money, potentially hundreds of thousands of rubles, in exchange for sensitive information. This sophisticated phishing campaign aims to exploit the trust associated with legitimate recruitment processes to gather confidential data from unsuspecting employees. The operation demonstrates the evolving tactics of cyber espionage groups, blending social engineering with financial incentives to compromise organizational security.

External References

https://bi.zone/expertise/blog/sotni-tysyach-rubley-za-vashi-sekrety-kibershpiony-squid-werewolf-maskiruyutsya-pod-rekruterov/
https://otx.alienvault.com/pulse/67d1758164fe4b799677296c
Tags
phishing
social engineering
impersonation
cyber espionage
2025-03-12
fake job offers
recruitment scam

Date

  • Created: March 12, 2025, 11:52 a.m.
  • Published: March 12, 2025, 11:52 a.m.
  • Modified: March 12, 2025, 11:55 a.m.

Indicators

  • 49a2ed08930ed20cbf859ca2fe3113e64f7a305c7a03cbda284fcceb781d053b
  • 20dd93441c5e78b7adc7764c92719bed70ddb0676f707df7ea9f37d7969f4776
  • 0601426a6da40ec9b47bab54e4ec149ba69ee58f787eea0e32d1001cab1abd04
  • https://hwsrv-1253398.hostwindsdns.com/307c77ab-f41f-4dd4-a478-2a71b9625f64/c/shoppingcart.php
  • https://hwsrv-1253398.hostwindsdns.com/307c77ab-f41f-4dd4-a478-2a71b9625f64/c/discountcode.php
  • hwsrv-1253398.hostwindsdns.com
Download all indicators here!

Attack Patterns

  • Squid Werewolf

Additional Informations

  • Russian Federation