Since December 2024, hundreds of Russian companies and organizations have faced a series of targeted cyberattacks. The group behind them, dubbed Librarian Ghouls, operated primarily from 01:00 to 05:00, when IT staff activity is minimal.
The attacks begin with phishing emails containing archive files with malicious code. After opening the attachment, a program is downloaded to the victim's computer, giving hackers remote access. The attackers then mask their activity and install cryptocurrency mining software that runs until the system is rebooted.
After transferring the stolen information, the malware erases files created during the attack from the victim's computer, loads a miner into the infected system, and finally deletes itself from the device.
Nighttime is chosen deliberately — during these hours, the likelihood of rapid attack detection is reduced. According to Kaspersky Lab, attackers use sophisticated methods to penetrate corporate networks, install spyware, and steal confidential data.