According to Golden Finance, the hacker group Librarian Ghouls (also known as Rare Werewolf) has reportedly compromised hundreds of Russian devices and used them to mine cryptocurrency, drawing considerable attention in the cyber security field.
The group uses highly deceptive attack methods: it disguises itself as legitimate organizations to send phishing emails and spread malicious software. Once a device is infected, the attackers establish a remote connection and disable security protections such as Windows Defender, gaining control of the device. To maximize mining efficiency, they also collect key information about the device, such as its RAM, CPU cores and GPU, to optimize the configuration of the mining program.
The campaign reportedly began in December 2023 and has affected a wide area. Industrial enterprises and engineering schools in Russia are the main targets, and victims have also emerged in Belarus and Kazakhstan. Cyber security firm Kaspersky's analysis indicates that Librarian Ghouls may be hacktivists. In its attacks, the group relies on legitimate third-party tools instead of developing its own malicious programs, a trait consistent with the techniques commonly used by other similar hacktivist groups.
The group's illegal use of devices for cryptocurrency mining not only threatens the performance and data security of victims' devices, but also serves as another warning for cyber security. As cryptocurrency mining becomes increasingly active, enterprises and individuals need to heighten their vigilance and strengthen their cybersecurity protections to prevent such malicious attacks.