Cryptojacking Group Hacks Hundreds Of Devices To Mine Crypto
The Librarian Ghouls hacker group, also known as Rare Werewolf, has compromised hundreds of Russian devices for cryptojacking, according to Kaspersky. The group gains access through malware-laden phishing emails disguised as official documents. Once a device is infected, the attackers disable its security systems and program it to operate remotely during specific hours to avoid detection. They collect device information to optimize crypto mining operations and maintain a connection to the mining pool. The ongoing campaign, which began in December 2024, has targeted industrial enterprises and engineering schools in Russia, Belarus, and Kazakhstan. The phishing emails are written in Russian, indicating a focus on Russian-speaking victims. Kaspersky suggests the group may be hacktivists due to their use of legitimate software and tactics associated with political agendas. The group's activity dates back to at least 2019, as noted by another cybersecurity firm.