In recent months, the threat actor known as Fluffy Wolf has intensified phishing attacks targeting various sectors in Russia, including construction and e-commerce. These attacks use deceptive emails containing malicious RAR attachments and GitHub links to bypass email security. A notable development is the introduction of PowerLoader, a new downloader that operates filelessly, making detection difficult.
This malware retrieves additional payloads, including Pay2Key ransomware and PureLogs data stealers, while employing anti-forensic techniques to erase traces. Some attacks have also seen the deployment of a new remote desktop function within PureRAT, granting attackers significant control. Organizations are urged to enhance email filtering, restrict PowerShell usage, and monitor connections to suspicious repositories to combat these threats.
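As an added illustration of the monitoring advice above (example code written for this summary, not from the original report or from any vendor tooling), the following triage routine runs over constructed mail-gateway and endpoint log lines and flags the traits the campaign is described with: RAR attachments, links to code-hosting repositories, and hidden or encoded PowerShell launched from Office. The tab-separated log layout and the field names are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample log lines (not real telemetry). The tab-separated
# key=value layout is an assumption made for this example.
SAMPLE_LOGS = [
    "MAIL\tsender=accounts@partner.example\tattachments=invoice.rar\turls=",
    "MAIL\tsender=hr@corp.example\tattachments=policy.pdf\turls=https://intranet.corp.example/doc",
    "MAIL\tsender=sales@shop.example\tattachments=\turls=https://github.com/example-org/example-repo/releases",
    "PROC\tparent=WINWORD.EXE\timage=powershell.exe\tcmdline=powershell -nop -w hidden -enc AAAA",
    "PROC\tparent=explorer.exe\timage=powershell.exe\tcmdline=powershell Get-Process",
]

ARCHIVE_EXT = (".rar",)                                   # lure attachment type named in the report
REPO_HOSTS = {"github.com", "raw.githubusercontent.com"}  # payload hosting described in the campaign
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
# Hidden-window, encoded-command and download-cradle switches typical of fileless loaders
CRADLE_FLAGS = re.compile(r"(-enc\b|-w(indowstyle)?\s+hidden|downloadstring|\biex\b|invoke-expression)", re.I)

def parse_line(line):
    """Split 'KIND<tab>k=v<tab>k=v' into (KIND, {k: v})."""
    kind, *pairs = line.split("\t")
    return kind, dict(p.split("=", 1) for p in pairs)

def triage(line):
    """Return the reasons a log line matches the described lure, or [] if benign."""
    kind, f = parse_line(line)
    reasons = []
    if kind == "MAIL":
        attachments = [a for a in f.get("attachments", "").split(";") if a]
        urls = [u for u in f.get("urls", "").split(";") if u]
        if any(a.lower().endswith(ARCHIVE_EXT) for a in attachments):
            reasons.append("rar-attachment")
        if any(urlparse(u).hostname in REPO_HOSTS for u in urls):
            reasons.append("code-repo-link")
    elif kind == "PROC" and f.get("image", "").lower() == "powershell.exe":
        if f.get("parent", "").lower() in OFFICE_PARENTS:
            reasons.append("office-spawned-powershell")
        if CRADLE_FLAGS.search(f.get("cmdline", "")):
            reasons.append("hidden-or-encoded-powershell")
    return reasons

def scan(lines):
    """Map each suspicious line to its reasons; benign lines are dropped."""
    return {line: r for line in lines if (r := triage(line))}

if __name__ == "__main__":
    for line, reasons in scan(SAMPLE_LOGS).items():
        print(", ".join(reasons), "<-", line.replace("\t", " "))
```

In production the same checks would be fed from the mail gateway's attachment and URL fields and from process-creation events (for example Sysmon event 1), with the repository allow-list tuned to the organization's legitimate use.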