Scaly Wolf Foiled by Rookie Mistake

The Scaly Wolf group, known for its attacks on Russian and Belarusian organizations, resumed activity at the end of March 2024. It sent at least six phishing mailings targeting industrial and logistics companies as well as state institutions. However, the hackers failed in this series of cyber attacks on Russia because of their own mistake, as reported by BI.ZONE.

The attackers planned to gain access to corporate data using the White Snake stealer, which they had used in previous campaigns. This malware collects logins and passwords saved in browsers, records keystrokes, copies documents from infected computers, and gives the operators remote access to them.

The group followed its usual scheme, disguising the phishing emails as official letters from federal departments. The hackers hoped that the victims would open an attached ZIP archive. Whereas previously Scaly Wolf simply placed the stealer in the archive, this time the attackers used a more complex method: a malicious loader. However, because of a serious mistake, the loader copied the legitimate system file explorer.exe (Windows Explorer) to the target system instead of the malware, so the attackers never reached their main goal of gaining access to sensitive data and compromising systems.

During this failed campaign, the Scaly Wolf group used an updated version of the White Snake stealer, which had appeared on hacker forums only in March. The developers offered "spring discounts" for the program: six months of access for $500 instead of $590, a year for $800 instead of $1100, and an indefinite license for $1000 instead of $1950.

According to the company, the creators of White Snake had previously claimed that one buyer had managed to bypass the restriction on using the program in Russia and the CIS countries. That claim followed the publication, in August 2023, of research on the stealer's use against Russian companies. The latest version of White Snake no longer blocks its operation in the Russian Federation and the CIS countries, possibly to avoid being banned from popular hacker platforms.
