April 17, 2024 at 07:33PM

■■■■□ Cyber spies from Core Werewolf allegedly tried to attack a Russian military base in Armenia

Threat Intelligence specialists of F.A.C.C.T. claim that they found a malicious file on VirusTotal platform uploaded from Gyumri, Armenia connected with cyber-espionage group Core Werewolf. It is a self-extracting 7zSFX archive designed for hidden installation and launch of legitimate remote access program – UltraVNC.

According to the experts, the supposed target of the attack may be the 102nd Russian military base. The following facts indicate this:

– as a bait document was used a request for the alleged submission to state awards, including the “Medal of Courage” of soldiers who distinguished themselves during the war in Ukraine;

– malicious file was uploaded to VirusTotal from Gyumri (Armenia), where the 102nd Russian military base is located.

Core Werewolf (a.k.a. PseudoGamaredon) is a cyber-espionage group that actively attacks Russian organizations associated with the military industrial complex and critical infrastructure. It was first noticed in August 2021.

https://habr.com/ru/companies/f_a_c_c_t/articles/808143/

https://t.me/cKure/13867