Kaspersky Lab has identified a hacker campaign attacking at night
The Librarian Ghouls hacker group has subjected hundreds of Russian companies and organizations to overnight cyber attacks. This was announced on June 9 by Kaspersky Lab.
According to the company, the attacks began back in December 2024. Their goal was to gain remote access to devices and to obtain credentials. It is noted that the attackers were active mainly from 01:00 to 05:00 local time. During those hours, they tried to infiltrate corporate networks and install spyware.
Attacks usually begin with phishing messages that contain archives with malicious code. After such a message is opened, a program that allows remote control is installed on the computer. Later, the attackers mask their activity and launch a hidden installation of cryptocurrency mining software.
The company's experts noted that it is activated and keeps running until the system is rebooted by the built-in task scheduler. During this time, the hackers manage to gain access to confidential information. After collecting the data, the malware removes traces of its presence, leaving only a working miner.
"After transferring the stolen information to the group, the malware erases the files created during the attack from the victim's computer and uploads the miner to the infected system, and finally deletes itself from the device," TASS quoted Kaspersky Lab as saying.
The Russian Railways website and mobile application were subjected to a DDoS attack on June 6. At the same time, the ticket offices at the stations and train stations continued to operate normally. It was later reported that their operation had been restored after the DDoS attack. It was noted that, due to the ongoing attacks on the company's information resources, there may be difficulties in the operation of the website and mobile application.