Cavalry Werewolf targeted phishing campaign against Russian state agencies and industry
Campaign
Summary
A Cavalry Werewolf phishing campaign targeted Russian state agencies and energy, mining, and manufacturing enterprises, using fake official correspondence to deliver FoalShell and StallionRAT. The operation was observed between May and August 2025, showing sustained targeting rather than a one-off lure. The activity matters because the malware enabled remote command execution and data exfiltration, expanding the risk beyond initial access.
Related Happenings
HeartlessSoul phishing and malvertising espionage campaign targeting aerospace firms and drone operators
Campaign
First: 11.05.2026 15:00
Last: 11.05.2026 15:00
Sources 1
About this happening:
The **HeartlessSoul** operation is using **phishing** and **malvertising** to target **aerospace firms and drone operators**, raising the risk of **geospatial data theft** from co...
UAC-0050 spear-phishing campaign targeting European financial institutions
Campaign
First: 24.02.2026 16:21
Last: 24.02.2026 16:21
Sources 1
About this happening:
The **UAC-0050** spear-phishing operation targeted a **European financial institution**, raising concern that the actor is extending its reach beyond **Ukraine** into **Western Eu...
Multi-stage phishing campaign targeting users in Russia with Amnesia RAT and ransomware
Campaign
First: 24.01.2026 13:09
Last: 24.01.2026 13:09
Sources 1
About this happening:
A **multi-stage phishing campaign** is targeting **users in Russia**, delivering **Amnesia RAT** and **ransomware** that enable **credential theft**, **remote control**, and destr...
APT28 credential-harvesting campaign against energy and regional targets
Campaign
First: 09.01.2026 17:28
Last: 09.01.2026 17:28
Sources 1
About this happening:
**APT28 (BlueDelta)** ran a **credential-harvesting campaign** that targeted a **Turkish energy and nuclear research agency**, a **European think tank**, and organizations in **No...
CAPI Backdoor phishing ZIP campaign targeting Russian automobile and e-commerce sectors
Campaign
First: 18.10.2025 14:41
Last: 18.10.2025 14:41
Sources 1
About this happening:
A new **CAPI Backdoor** campaign is targeting **Russian automobile and e-commerce sectors**, using **phishing emails** with **ZIP archives** to deliver malware that can steal brow...
Timeline
- 03.10.2025 13:30 · 2 articles
Cavalry Werewolf targeted phishing campaign against Russian state agencies and industry
Initial Disclosure
The first stage used **targeted phishing emails** posing as **official Kyrgyz government correspondence** to draw recipients into opening **RAR archives**. That initial access path set up delivery of **FoalShell** or **StallionRAT**.
Sources
- New "Cavalry Werewolf" Attack Hits Russian Agencies with FoalShell and StallionRAT — thehackernews.com — 03.10.2025 13:30
- New "Cavalry Werewolf" Attack Hits Russian Agencies with FoalShell and StallionRAT — thehackernews.com — 03.10.2025 13:30