All news with #foalshell tag

Cavalry Werewolf Targets Russian Public Sector with RATs

🚨 BI.ZONE warns of a campaign dubbed Cavalry Werewolf that has targeted Russian state agencies and critical industrial sectors using FoalShell and StallionRAT. Attackers used spear-phishing with spoofed Kyrgyz government emails and RAR attachments to deploy lightweight reverse shells and a RAT that exfiltrates data via a Telegram bot. Observed tooling and Telegram commands indicate organized post-compromise operations and use of socks proxies for lateral movement. BI.ZONE links the activity to groups including Tomiris and YoroTrooper, suggesting possible Kazakhstan ties.