More than 300 Russian defense, tech, manufacturing, aerospace, and education entities have been subjected to attacks by the Sapphire Werewolf hacking operation distributing the Amethyst information-stealing malware since March, reports The Record, a news site by cybersecurity firm Recorded Future.
Intrusions commence with the delivery of phishing emails purporting to be legitimate Russian government decrees to facilitate the spread of the SapphireStealer malware-based payload, which enables the exfiltration of credential and cookie databases, PowerShell logs, and Telegram configuration files, as well as browser histories, saved pages, and configurations, according to a report from Russian cybersecurity firm BI.ZONE.
Information regarding Sapphire Werewolf's operations remains unclear, but the group's Amethyst tool was discovered to have gained persistence mechanisms and more extensive data theft capabilities since the campaign began.
Such a development comes after a Positive Technologies report detailing the widespread Decoy Dog malware attack against Russian organizations launched by state-backed threat operation HellHounds.