Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises

The Rare Werewolf APT group, active since at least 2019, has been linked to cyber attacks targeting Russia and CIS countries. The attacks, which use legitimate third-party software, aim to establish remote access, steal credentials, and deploy cryptocurrency miners. The group’s tactics, including the use of phishing emails and legitimate tools, make detection and attribution challenging.