Cavalry Werewolf executed a complex cyber attack against Russian government entities in July 2025, revealing a multi-stage infection mechanism involving various malware and sophisticated operational security practices. After Dr.Web analysts detected unusual email traffic from internal accounts, they found that the attackers utilized reverse-shell backdoors and custom trojans to maintain persistent control over compromised systems.
The group's initial access was gained through weaponized phishing attachments disguised as official documents, which led to the deployment of a backdoor, BackDoor.ShellNET.1. Following successful infiltration, they used legitimate system tools such as Bitsadmin to download additional malware, reflecting their deliberate use of living-off-the-land techniques. This layered malware approach gave them multiple footholds on compromised hosts and demonstrates the rising sophistication of threats targeting government sectors.
Read the original: Cyber Security News