An emerging threat actor known as Fluffy Wolf [2] [3], discovered by the BI.ZONE Threat Intelligence team [1], has been actively targeting Russian organizations since 2022.

Description

Fluffy Wolf relies on malware-as-a-service (MaaS) models and readily available tools like Remote Utilities and Meta Stealer to carry out successful cyberattacks [2]. Despite their limited technical skills [1] [3], the threat actors use legitimate remote access services and inexpensive malware to achieve their goals [1]. The actor initiates attacks through phishing emails with malicious attachments disguised as legitimate documents [1], with recent campaigns involving emails from a construction firm with a malicious file attached [1]. Fluffy Wolf has previously utilized malware-as-a-service solutions like WarZone RAT and XMRig for cryptojacking [1]. The campaign has impacted at least 140 companies in Russia [2], with phishing being a prevalent method of initial entry into corporate environments in the country [2] [3]. Fluffy Wolf’s use of Remote Utilities allows for complete control over compromised devices [2] [3], while Meta Stealer steals sensitive data and sends it back to the attacker’s command-and-control server [2] [3].

Conclusion

To defend against such attacks [2], organizations are advised to utilize managed email security services and threat intelligence platforms to proactively protect themselves from threat actors like Fluffy Wolf.

References

[1] https://bi.zone/eng/news/kvalifikatsiya-kiberprestupnikov-nizkaya-ugroza-dlya-kompaniy-vysokaya/
[2] https://www.darkreading.com/threat-intelligence/fluffy-wolf-spreads-meta-stealer-in-corporate-phishing-campaign
[3] https://ciso2ciso.com/fluffy-wolf-spreads-meta-stealer-in-corporate-phishing-campaign-source-www-darkreading-com/