According to PANews on June 11th, Kaspersky Lab disclosed that a hacker group named "Librarian Ghouls" (also known as "Rare Werewolf") is running a cryptojacking campaign against targets in Russia.
Since December 2024 the group has been distributing malware through phishing emails disguised as official documents or payment orders, infecting hundreds of devices. The main victims are industrial enterprises and engineering colleges in Russia, with further victims reported in Belarus and Kazakhstan. The attackers operate on the infected machines remotely between 1 and 5 a.m. They first disable security software, steal login credentials, and collect hardware details such as the amount of memory, the number of CPU cores and the GPU model in order to tune the miner's configuration; they then deploy the mining program and begin mining cryptocurrency.
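The sequence described above (security software stopped, hardware enumerated, a new payload started, all inside the 1 to 5 a.m. window) is the kind of behaviour a SOC can correlate from endpoint telemetry. The following detector is an added example and is not Kaspersky's or PANews' code: the log format, the host names, the security-service names, the hardware-enumeration indicator strings and the sample log lines are all constructed for illustration and should be tuned to your own telemetry.

```python
"""Off-hours miner-staging detector (added example; constructed data).

Each log line is "<ISO timestamp>|<host>|<kind>|<detail>", where kind is
"service_stop" (detail = service name) or "process_start" (detail = command
line). Timestamps are assumed to be in the host's local time.
"""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, Iterable, List, Optional

# Window reported for the attackers' hands-on activity (1 to 5 a.m.).
WINDOW_START = time(1, 0)
WINDOW_END = time(5, 0)

# Assumed indicator strings (lower-case); adjust to your environment.
SECURITY_SERVICES = {"windefend", "avservice"}
HW_ENUM_MARKERS = ("wmic cpu", "wmic memorychip", "win32_videocontroller", "nvidia-smi")


@dataclass
class Event:
    ts: datetime
    host: str
    kind: str
    detail: str


def parse_line(line: str) -> Event:
    ts, host, kind, detail = line.strip().split("|", 3)
    return Event(datetime.fromisoformat(ts), host, kind, detail)


def in_window(ts: datetime) -> bool:
    return WINDOW_START <= ts.time() < WINDOW_END


def is_hw_enum(cmdline: str) -> bool:
    c = cmdline.lower()
    return any(marker in c for marker in HW_ENUM_MARKERS)


def score_host(events: Iterable[Event]) -> dict:
    """Walk one host's events in time order through a three-stage state machine.

    stage 0: nothing seen; 1: security service stopped in-window;
    2: hardware enumerated after that; 3: a non-enumeration process started
    after both (candidate miner payload). Only stage 3 is flagged.
    """
    stage = 0
    payload: Optional[str] = None
    for ev in sorted(events, key=lambda e: e.ts):
        if not in_window(ev.ts):
            continue  # daytime activity is ignored by this heuristic
        if stage == 0 and ev.kind == "service_stop" and ev.detail.lower() in SECURITY_SERVICES:
            stage = 1
        elif stage == 1 and ev.kind == "process_start" and is_hw_enum(ev.detail):
            stage = 2
        elif stage == 2 and ev.kind == "process_start" and not is_hw_enum(ev.detail):
            stage = 3
            payload = ev.detail
            break
    return {"stage": stage, "flagged": stage == 3, "payload": payload}


def detect(lines: Iterable[str]) -> Dict[str, dict]:
    """Group parsed events by host and score each host."""
    by_host: Dict[str, List[Event]] = {}
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        by_host.setdefault(ev.host, []).append(ev)
    return {host: score_host(evs) for host, evs in by_host.items()}


# Constructed sample telemetry (not real victim data).
SAMPLE_LOG = [
    "2025-01-14T02:10:00|ws-01|service_stop|AVService",
    "2025-01-14T02:12:00|ws-01|process_start|wmic cpu get NumberOfCores",
    "2025-01-14T02:13:00|ws-01|process_start|wmic path Win32_VideoController get Name",
    "2025-01-14T02:20:00|ws-01|process_start|C:\\ProgramData\\svc\\update.exe --cfg cfg.json",
    # ws-02: same steps but during working hours (e.g. an AV upgrade) -> not flagged
    "2025-01-14T14:00:00|ws-02|service_stop|AVService",
    "2025-01-14T14:05:00|ws-02|process_start|wmic cpu get NumberOfCores",
    "2025-01-14T14:06:00|ws-02|process_start|C:\\Tools\\inventory.exe",
    # ws-03: off-hours hardware query without a prior security stop -> not flagged
    "2025-01-14T03:00:00|ws-03|process_start|wmic memorychip get Capacity",
]

if __name__ == "__main__":
    for host, verdict in detect(SAMPLE_LOG).items():
        print(host, verdict)
```

The time window alone is a weak signal (backups and patching also run at night); the value is in requiring the ordered chain of security-service stop, hardware enumeration and a new process on the same host, which matches the reported staging sequence while leaving ordinary maintenance unflagged.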
Kaspersky noted that the group prefers legitimate third-party tools over malware of its own making. That trait is typical of hacktivist groups, so the group may be hacktivist, although its origin has not been established. The phishing emails are written in Russian and carry attachments with Russian file names and Russian-language decoy documents, indicating that the intended targets are users in Russia or other Russian speakers.