An emerging threat actor known as Fluffy Wolf [2] [3], discovered by the BI.ZONE Threat Intelligence team [1], has been actively targeting Russian organizations since 2022.


Fluffy Wolf relies on malware-as-a-service (MaaS) models and readily available tools like Remote Utilities and Meta Stealer to carry out successful cyberattacks [2]. Despite their limited technical skills [1] [3], the threat actors use legitimate remote access services and inexpensive malware to achieve their goals [1]. The actor initiates attacks through phishing emails with malicious attachments disguised as legitimate documents [1], with recent campaigns involving emails from a construction firm with a malicious file attached [1]. Fluffy Wolf has previously utilized malware-as-a-service solutions like WarZone RAT and XMRig for cryptojacking [1]. The campaign has impacted at least 140 companies in Russia [2], with phishing being a prevalent method of initial entry into corporate environments in the country [2] [3]. Fluffy Wolf’s use of Remote Utilities allows for complete control over compromised devices [2] [3], while Meta Stealer steals sensitive data and sends it back to the attacker’s command-and-control server [2] [3].


To defend against such attacks [2], organizations are advised to utilize managed email security services and threat intelligence platforms to proactively protect themselves from threat actors like Fluffy Wolf.