The advanced persistent threat group HellHounds has deployed the Windows version of the Decoy Dog malware in attacks against 48 telecommunications, IT, government, and space industry entities across Russia, The Hacker News reports.
Aside from using a custom loader to deliver Decoy Dog for Windows, HellHounds, which has been actively attacking Russian organizations since 2021, has also used a custom build of 3snake to harvest credentials on Linux hosts, according to a Positive Technologies report. Further analysis showed that HellHounds also used compromised Secure Shell (SSH) login credentials to gain initial access to at least two of its victims.
"The attackers have long been able to maintain their presence inside critical organizations located in Russia. Although virtually all of the Hellhounds toolkit is based on open-source projects, the attackers have done a fairly good job modifying it to bypass malware defenses and ensure prolonged covert presence inside compromised organizations," said researchers.