Cybersecurity experts at BI.ZONE have identified a concerning trend in the first quarter of 2024: a significant increase in attacks on Russian companies using modified commercial malware. This surge comes despite the developers’ attempts to restrict their software’s use against organizations in CIS countries.
The Growing Threat of Adapted Commercial Malware
According to the analysis, 73% of commercial malware attacks are financially motivated, with threat actors seeking ransom payments or aiming to sell stolen data on the dark web. Espionage accounts for 14% of these attacks, while hacktivism represents only 3% of incidents.
Notably, approximately 5% of the malicious activity clusters targeting Russian and CIS companies violate the restrictions set by commercial malware developers. These restrictions often stem from the developers’ wish to avoid detection and prosecution, as many of them are based within CIS territories.
Stone Wolf: A Case Study in Malware Modification
The recently discovered Stone Wolf group exemplifies this trend. Oleg Skulkin, head of BI.ZONE Threat Intelligence, reports: “Stone Wolf has conducted at least 9 attacks on Russian companies using the Meduza stealer. Despite the developers’ claims of built-in CIS-region restrictions, Stone Wolf modified the software to disable this function.”
The Meduza stealer, first available in June 2023, offers various pricing options, including a perpetual license for $1,199. As of March 2024, additional features like dedicated server rentals have become available, starting at $20.
The Shifting Landscape of Malware Distribution
When a particular malware family is found targeting CIS companies, its sales are typically blocked on hacking forums. Consequently, developers often migrate their operations to Telegram. This pattern was observed with the White Snake stealer in August 2023 and the Rhadamanthys stealer in April 2024.
Implications for Cybersecurity in the Region
This trend of bypassing regional restrictions and modifying commercial malware poses significant challenges for cybersecurity in Russia and CIS countries. Organizations must remain vigilant and adapt their defense strategies to combat these evolving threats.
As cybercriminals continue to find ways around software restrictions, it becomes crucial for companies to implement robust security measures, including regular security audits, employee training, and advanced threat detection systems. The cybersecurity community must also stay alert to new modifications and distribution methods of commercial malware to effectively protect against these sophisticated attacks.