While everyone's at home: The Librarian Ghouls hacking group steals data and mines cryptocurrency in Russia at night

Kaspersky Lab experts have discovered hackers attacking corporate networks at night

Since December 2024, hundreds of Russian companies and organizations have faced a series of targeted cyberattacks. The group, dubbed Librarian Ghouls, operated mainly from 01:00 to 05:00, when IT staff activity is minimal.

The attacks begin with phishing emails containing archive files with malicious code. Once the recipient opens the attachment, a program is downloaded to the victim's computer, giving the hackers remote access. The attackers then mask their activity and install crypto-mining software that runs until the system is rebooted.

After transferring the stolen information, the malware erases the files created during the attack from the victim's computer and loads a miner into the infected system, and finally deletes itself from the device.
Kaspersky Lab Experts

The nighttime window is chosen deliberately: during these hours, the probability that the attack is detected quickly is lower. According to Kaspersky Lab, the attackers use sophisticated methods to penetrate corporate networks, install spyware and steal confidential data.

Sources
Izvestiya