Cavalry Werewolf Attacking Government Organizations To Deploy...
In July 2025, a sophisticated hacker group known as Cavalry Werewolf executed a targeted campaign against Russian government institutions, compromising critical infrastructure through coordinated phishing operations.
Analysis of this campaign reveals a complex attack chain designed to establish persistent network access, extract sensitive data, and maintain long-term control over compromised systems.
Dr.Web security analysts identified the group after being contacted by a targeted government organization that detected suspicious email traffic originating from internal corporate accounts, suggesting unauthorized network access.
The investigation uncovered multiple previously unknown malware variants deployed across a multi-stage infection process.
The attackers demonstrated sophisticated operational security practices by leveraging open-source tools, employing encryption, and establishing command-and-control infrastructure across multiple servers.
Their arsenal includes various reverse-shell backdoors, data-theft trojans, and process-injection techniques that allow remote command execution without triggering traditional security mechanisms.
Dr.Web security researchers noted that this campaign represents a significant escalation in sophistication, with the group continuously expanding its toolkit to adapt to different target environments.
The attack methodology focuses on deploying backdoors that establish remote shell access, enabling attackers to execute commands and maintain persistence within compromised networks.
This approach provides the flexibility to deploy additional malware stages based on reconnaissance findings within each target organization.
Cavalry Werewolf initiates attacks through phishing emails containing weaponized attachments masquerading as official government documents.
Source: Cybersecurity News