CyberHappenings logo

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Cavalry Werewolf Campaign Targets Russian Public Sector with FoalShell and StallionRAT

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A threat actor known as Cavalry Werewolf, with ties to several other groups, has been targeting Russian public sector entities, energy, mining, and manufacturing enterprises. The attacks involve phishing emails impersonating Kyrgyz government officials to deliver FoalShell and StallionRAT malware. The campaign, observed between May and August 2025, uses sophisticated malware written in multiple programming languages to execute arbitrary commands, exfiltrate data, and maintain persistence. The threat actor's broader targeting scope is indicated by filenames in English and Arabic. The attacks highlight the evolving tactics of the group, which is actively expanding its arsenal and experimenting with new tools.

Timeline

  1. 03.10.2025 13:30 1 articles · 6h ago

    Cavalry Werewolf Campaign Targets Russian Public Sector with FoalShell and StallionRAT

    Between May and August 2025, the threat actor Cavalry Werewolf targeted Russian public sector entities, energy, mining, and manufacturing enterprises. The attacks involved phishing emails impersonating Kyrgyz government officials to deliver FoalShell and StallionRAT malware. The malware, written in multiple programming languages, enables arbitrary command execution, data exfiltration, and persistence. The threat actor's broader targeting scope is indicated by filenames in English and Arabic.

    Show sources

Information Snippets