Malware or LLM? Silent Werewolf employs new loaders to attack Russian and Moldovan organizations
released on 2025-05-27 @ 04:45:41 PM
Silent Werewolf has launched two new campaigns targeting Russian and Moldovan organizations, using sophisticated loaders to deliver malicious payloads. The attacks rely on phishing emails with ZIP attachments that contain obfuscated C# loaders. These loaders use legitimate tools and code obfuscation to evade detection. The first campaign exclusively targeted the Russian energy, aircraft, and engineering sectors, while the second focused on both Moldovan and Russian entities. The adversaries hinder payload retrieval, which makes analysis challenging. In some instances they also use the Llama 2 large language model to bypass defenses. The campaigns demonstrate the threat actor's evolving tactics and continued focus on espionage in the region.