Librarian Ghouls hacker organization attacks hundreds of Russian devices for cryptocurrency mining.

16 days ago

Kaspersky, a cybersecurity company, reported that the hacker group Librarian Ghouls has infiltrated hundreds of Russian devices and is using them for cryptocurrency mining, which appears to be a case of cryptojacking.

The hacker group, also known as Rare Werewolf, gains system access through phishing emails that carry malware and are disguised as legitimate corporate correspondence. These emails appear to be official documents or payment instructions, Kaspersky stated in a report on Monday.

After the computers are infected with malware, the hackers establish remote connections and disable security systems like Windows Defender.

The infected devices are also scheduled to power on at 1 AM and shut down at 5 AM, and the hackers use this window to further establish unauthorized remote access and steal login credentials.

Kaspersky stated, "We assess that the attackers use this technique to cover their tracks, making users unaware that their devices have been compromised."

Subsequently, they steal login credentials and collect information about the devices' available RAM, CPU cores, and GPU in order to tune the miner's configuration before deploying the cryptocurrency mining programs.

According to Kaspersky, during the mining program's operation, the hackers maintain a connection with the mining pool, sending requests every 60 seconds.
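The two behaviours described above, the fixed 1 AM to 5 AM activity window and the 60-second requests to a mining pool, can both be checked from ordinary outbound-connection logs. The following is an added detection example, not code from the report or from Kaspersky; the log format, host names and destination names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log lines (not real telemetry), in the form
# "<timestamp> <source host> -> <destination host>"
SAMPLE_LOGS = """\
2025-06-10T01:00:02 WS-17 -> stratum.example
2025-06-10T01:01:02 WS-17 -> stratum.example
2025-06-10T01:02:03 WS-17 -> stratum.example
2025-06-10T01:03:02 WS-17 -> stratum.example
2025-06-10T01:04:02 WS-17 -> stratum.example
2025-06-10T01:05:03 WS-17 -> stratum.example
2025-06-10T09:12:44 WS-03 -> updates.example
2025-06-10T10:47:10 WS-03 -> updates.example
2025-06-10T14:01:55 WS-03 -> updates.example
""".splitlines()

OFF_HOURS = (1, 5)      # 01:00 <= hour < 05:00, the window described in the report
BEACON_PERIOD = 60.0    # seconds between pool requests, per the report
TOLERANCE = 5.0         # allowed jitter around the period, in seconds
MIN_EVENTS = 5          # too few connections and regularity cannot be judged


def parse(lines):
    """Group connection timestamps by (source, destination) pair."""
    flows = defaultdict(list)
    for line in lines:
        ts, src, _, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows


def find_suspicious_flows(lines):
    """Return (src, dst, median_gap_seconds) for flows that connect at a
    steady ~60 s cadence and only inside the 01:00-05:00 window."""
    findings = []
    for (src, dst), stamps in parse(lines).items():
        if len(stamps) < MIN_EVENTS:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        med = median(gaps)
        regular = abs(med - BEACON_PERIOD) <= TOLERANCE
        off_hours = all(OFF_HOURS[0] <= t.hour < OFF_HOURS[1] for t in stamps)
        if regular and off_hours:
            findings.append((src, dst, med))
    return findings
```

On the constructed sample, only the WS-17 flow is reported; the daytime, irregular update traffic from WS-03 is not.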

The company noted, "We have observed that the attackers continuously improve their strategies, which include not only data breaches but also deploying remote access tools and using phishing websites to compromise email accounts."

So far, this hacking activity, which began in December and is still ongoing, has affected hundreds of Russian users, particularly in industrial enterprises and engineering schools, while other victims have also been reported in Belarus and Kazakhstan.

The origin of the organization has not been determined; however, Kaspersky stated that the phishing emails "are written in Russian and contain files with Russian filenames, as well as Russian bait files."

Kaspersky remarked, "This indicates that the primary target of this activity may be individuals located in Russia or Russian-speaking populations."

Kaspersky speculated that Librarian Ghouls may be hacktivists who push a political agenda through hacking as a form of civil disobedience, as they employ techniques commonly used by similar groups, such as relying on legitimate third-party tools.

Kaspersky stated, "A notable feature of this threat is that the attackers are more inclined to use legitimate third-party software rather than developing their own malicious binaries."

It is currently unclear how long the organization has been active, but another Russian cybersecurity company, BI.ZONE, reported on November 23 that Rare Werewolf has existed at least since 2019.


Original: “Librarian Ghouls hacking group attacks hundreds of Russian devices for cryptocurrency mining”
