Golden Finance reports that a shocking piece of news recently broke in the field of cyber security: the hacker group Librarian Ghouls (also known as Rare Werewolf) has successfully compromised hundreds of Russian devices and used them for cryptocurrency mining. The incident has put the industry on high alert over cybersecurity protection and once again brought the hidden risks behind cryptocurrency mining to public attention.
Librarian Ghouls adopted extremely covert and cunning attack methods. They quietly delivered malware to target devices through phishing emails carefully disguised as coming from legitimate organizations. These phishing emails are usually designed to look like official documents or payment orders, which makes them highly deceptive. Users may open them inadvertently, thereby launching the malware installer. Once a device is infected, the hackers quickly establish a remote connection and immediately disable key security systems such as Windows Defender, removing obstacles to their subsequent activity.
After obtaining control of a device, the hackers did not rush into mining but first conducted a “reconnaissance” of the machine. They collect in detail key information such as the amount of random access memory (RAM), the number of central processing unit (CPU) cores, and the graphics processing unit (GPU). The purpose is to tune the configuration of the cryptocurrency mining program to the hardware of the device so that the maximum mining efficiency can be achieved on it. For instance, if a device is equipped with a powerful GPU, the hackers might opt for mining algorithms that rely on GPU computing, allowing the device’s computing power to be fully utilized and more cryptocurrency to be mined per unit of time.
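The chain described in the two paragraphs above (security protection disabled, then hardware inventory, then a miner launched) is something a defender can look for in host telemetry. The script below is an added example, not code from the article or from Kaspersky's report: it runs a simple ordered-stage detector over a constructed timeline of Windows Defender log events and process starts. The Defender event IDs are the operational-log IDs for protection being turned off; the command-line patterns for inventory commands and miner launches, the host names, and the timestamps are assumptions made for the example.

```python
import re
from dataclasses import dataclass

@dataclass
class Event:
    ts: int       # seconds since epoch (constructed sample values)
    host: str
    kind: str     # "defender" for a Defender operational-log event, "process" for a process start
    detail: str   # Defender event ID, or the command line of the started process

# Stage indicators. The event IDs are Windows Defender operational-log IDs for
# protection being disabled; the command-line patterns are assumptions.
DEFENDER_DISABLED_IDS = {"5001", "5010", "5012"}
RECON_RE = re.compile(r"(wmic\s+(cpu|memorychip|path\s+win32_videocontroller))|"
                      r"(win32_(processor|physicalmemory|videocontroller))", re.I)
MINER_RE = re.compile(r"(stratum\+(tcp|ssl)://)|(\bxmrig\b)|(--donate-level)", re.I)

def detect_chain(events, window=3600):
    """Per host, look for: protection disabled -> hardware inventory -> miner launch,
    in that order and within `window` seconds. Returns {host: (start_ts, miner_ts)}."""
    by_host = {}
    for e in sorted(events, key=lambda e: e.ts):
        by_host.setdefault(e.host, []).append(e)
    hits = {}
    for host, evs in by_host.items():
        stage, start = 0, 0
        for e in evs:
            if e.kind == "defender" and e.detail in DEFENDER_DISABLED_IDS:
                stage, start = 1, e.ts      # (re)start the chain at the latest disable event
            elif stage == 1 and e.kind == "process" and RECON_RE.search(e.detail):
                stage = 2
            elif stage == 2 and e.kind == "process" and MINER_RE.search(e.detail) \
                    and e.ts - start <= window:
                hits[host] = (start, e.ts)
                break
    return hits

# Constructed sample timeline: ws-17 follows the chain, ws-02 only runs an admin inventory.
SAMPLE = [
    Event(1000, "ws-17", "defender", "5001"),
    Event(1090, "ws-17", "process", "wmic cpu get NumberOfCores"),
    Event(1095, "ws-17", "process", "wmic path win32_videocontroller get name"),
    Event(1400, "ws-17", "process", r"C:\Users\Public\svc.exe -o stratum+tcp://pool.example:3333"),
    Event(2000, "ws-02", "process", "wmic memorychip get capacity"),
    Event(2100, "ws-02", "process", "notepad.exe report.txt"),
]

if __name__ == "__main__":
    for host, (t0, t1) in detect_chain(SAMPLE).items():
        print(f"{host}: chain completed {t1 - t0}s after protection was disabled")
```

A hardware inventory on its own is normal administrative activity, which is why the detector only fires when it is preceded by a protection-disabled event and followed by a miner launch.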
It is reported that this campaign quietly began as early as December 2023, and the attacks are still escalating to this day. In terms of the affected area, industrial enterprises and engineering schools in Russia have been hit hardest. These institutions usually operate a large number of computers, some of which remain connected to the Internet for long periods due to business needs, which gives the hackers an opening. Furthermore, neighboring countries such as Belarus and Kazakhstan have not been spared either, and some victims have emerged there.
Kaspersky, a globally renowned cybersecurity company, after conducting an in-depth investigation into the incident, speculated that Librarian Ghouls is very likely a hacktivist group. The basis for this inference is that, throughout the attack, the group relied mainly on legitimate third-party tools rather than developing its own malicious programs. This approach is relatively common among similar hacker groups: by ingeniously exploiting the vulnerabilities or permissions of legitimate tools, they achieve their illegal goals while making the attack harder to notice and more likely to evade detection.
For instance, they might have used unauthorized or cracked versions of legitimate software such as remote control software or file transfer tools. This software may seem harmless in normal use, but in the hands of the hackers it became a powerful “accomplice” for invading devices, stealing information and mining cryptocurrency.
With the vigorous growth of the cryptocurrency market, the substantial profits from cryptocurrency mining have attracted the attention of many lawbreakers. They do not hesitate to use all kinds of illegal means to break into other people’s devices and exploit their computing power for their own gain. The Librarian Ghouls attack on Russian devices for cryptocurrency mining is just the tip of the iceberg among the many cybersecurity threats of this kind.
For enterprises and individual users alike, it is urgent to raise awareness of network security and improve the protection of their devices. Users are advised to update their systems and security software regularly, be cautious about emails and links from unknown sources, and avoid performing sensitive operations on untrusted networks, in order to reduce the risk of being attacked. Meanwhile, the relevant authorities should also strengthen the supervision of cyber security, crack down hard on such illegal cryptocurrency mining activities, and maintain the security and stability of cyberspace.