Augur Predicts Key Sticky Werewolf IPs
The Sticky Werewolf phishing campaign, which targets Russia and Belarus, has been on the uptick this summer, and Augur has predictions associated with it.
In May 2024, two IPs (94[.]156[.]8[.]211 and 94[.]156[.]8[.]166) were reported as malicious by multiple threat feeds. Both IPs fall inside the CIDR 94[.]156[.]8[.]0/24, which Augur predicted as malicious in Q1 2023. In a blog post published on its website in June, EDR specialists Morphisec identified these IPs as infrastructure used by the Sticky Werewolf threat group in a phishing/espionage campaign.
If you haven’t already blocked these IPs, we highly recommend that you do.
What is Sticky Werewolf?
Sticky Werewolf is a cyber threat group first detected in April 2023. It primarily targets public organizations in Russia and Belarus. Earlier attacks focused on the aviation sector; more recent ones have targeted pharmaceuticals. The group uses phishing emails carrying malicious archive files that contain LNK files pointing to WebDAV servers. Opening one of these LNK files starts a chain that ends in the deployment of Remote Access Trojans (RATs) or stealers. The group's operations indicate espionage and data exfiltration motives, potentially linked to geopolitical or hacktivist agendas.
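As an added example (not code from Augur or Morphisec), the script below shows the two defensive checks a practitioner would want after reading the indicators above and the attack-chain description: refang the two reported IPs and confirm they fall inside the predicted 94.156.8.0/24 range, then run that range check plus a WebDAV-UNC-path check over a handful of constructed firewall and process-creation log lines. The log format, the host names, the internal IPs and the allowlisted WebDAV file server are all constructed for the demo; only the CIDR and the two IPs come from the post.

```python
import ipaddress
import re
from typing import Dict, Iterable, List, Set

# Range the post says Augur predicted as malicious in Q1 2023, and the two
# IPs later reported by threat feeds (written defanged, exactly as in the post).
PREDICTED_CIDRS: List[str] = ["94.156.8.0/24"]
REPORTED_IOCS: List[str] = ["94[.]156[.]8[.]211", "94[.]156[.]8[.]166"]

# Internal WebDAV servers that are expected in telemetry (constructed example).
KNOWN_WEBDAV_HOSTS: Set[str] = {"fileserver01"}

# Constructed sample telemetry for the demo, not real logs: one "fw" line per
# outbound connection, one "proc" line per child process of explorer.exe.
SAMPLE_LOGS: List[str] = [
    "2024-06-03T10:12:01Z fw allow src=10.0.4.21 dst=94.156.8.211 dport=80 proto=tcp",
    "2024-06-03T10:12:05Z fw allow src=10.0.4.21 dst=203.0.113.9 dport=443 proto=tcp",
    "2024-06-03T10:12:07Z proc host=WS-21 parent=explorer.exe image=cmd.exe "
    "cmdline=cmd.exe /c \\\\94.156.8.166\\DavWWWRoot\\docs\\readme.bat",
    "2024-06-03T10:13:40Z proc host=WS-21 parent=explorer.exe image=winword.exe "
    "cmdline=winword.exe C:\\Users\\a\\Documents\\report.docx",
    "2024-06-03T10:14:02Z proc host=WS-22 parent=explorer.exe image=notepad.exe "
    "cmdline=notepad.exe \\\\fileserver01@SSL\\DavWWWRoot\\notes.txt",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# UNC path: \\host[@port|@SSL]\share\...  The @port/@SSL suffix and the
# DavWWWRoot virtual folder are the markers of a WebDAV (Mini-Redirector) path.
UNC_RE = re.compile(r"\\\\(?P<host>[^\\\s@]+)(?P<port>@(?:SSL|\d{1,5}))?\\(?P<share>[^\\\s]+)", re.I)


def refang(ioc: str) -> str:
    """Turn a defanged indicator such as 94[.]156[.]8[.]211 back into a usable value."""
    return ioc.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")


def in_predicted_range(ip: str, cidrs: Iterable[str] = PREDICTED_CIDRS) -> bool:
    """True if the (possibly defanged) IP lies inside any predicted-malicious CIDR."""
    try:
        addr = ipaddress.ip_address(refang(ip))
    except ValueError:  # regex false positives such as 999.1.1.1
        return False
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def webdav_hosts(text: str) -> List[str]:
    """Hosts referenced through a WebDAV-style UNC path in the given text."""
    hosts = []
    for m in UNC_RE.finditer(text):
        if m.group("port") or m.group("share").lower() == "davwwwroot":
            hosts.append(m.group("host").lower())
    return hosts


def scan_logs(lines: Iterable[str], cidrs: Iterable[str] = PREDICTED_CIDRS,
              allowlist: Set[str] = KNOWN_WEBDAV_HOSTS) -> List[Dict[str, str]]:
    """One finding per line that reaches the predicted range or launches from an unknown WebDAV path."""
    findings = []
    for line in lines:
        reasons = []
        hits = sorted({ip for ip in IPV4_RE.findall(line) if in_predicted_range(ip, cidrs)})
        if hits:
            reasons.append("contacts predicted-malicious range: " + ", ".join(hits))
        if " proc " in line:
            unknown = [h for h in webdav_hosts(line) if h not in allowlist]
            if unknown:
                reasons.append("process launched from WebDAV UNC path on: " + ", ".join(unknown))
        if reasons:
            findings.append({"line": line, "reasons": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    for ioc in REPORTED_IOCS:
        print(f"{refang(ioc):>14}  in predicted range: {in_predicted_range(ioc)}")
    for f in scan_logs(SAMPLE_LOGS):
        print(f"ALERT {f['reasons']}\n      {f['line']}")
```

The allowlist is what keeps the WebDAV check usable: legitimate file servers reached over `\\host@SSL\DavWWWRoot\...` are common in enterprises, so the alert is reserved for child processes of explorer.exe whose command line references a WebDAV host the organisation does not recognise, which is the pattern the LNK-to-WebDAV chain described above would produce.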
For more details, you can read the full article here.
Why Does this Matter?
Typically, Western cybersecurity companies don’t focus much on threats against countries like Russia, China and North Korea, which are often seen as the sources of much of the state-sponsored espionage and cybercriminal activities. But Augur is entirely apolitical, looking for patterns in infrastructure deployment that indicate an intent to deploy that infrastructure for malicious purposes. This means that we can detect and block threats that currently don’t target your industry or your country but could easily be repurposed to target you. Whereas traditional threat research would need to find a patient zero case in order to identify the threat and block it, Augur provides proactive, advance protection, keeping your network safer and improving your security posture.
Your Early Warning System
Augur is your best early warning system and your insurance policy against novel threats.
Our smart behavioral prediction models identify and group threat actors based on patterns of activity. The platform can then predict novel attacks up to 50 days out. At the time of prediction, these predictions are often approximately 90% unique compared to other leading threat data sources.
Augur has predicted and protected against major elements of numerous high-profile incidents, including the SolarWinds, Log4Shell, Colonial Pipeline and ProxyNotShell attacks, months ahead of first reports.
Find Out More
Curious to see how Augur works and how Augur’s predictive intelligence can improve your Patient Zero protection and overall security posture? You can learn more about how Augur works and how it solves real-world security problems.