Cavalry Werewolf attack targets Russian government organization

Cybersecurity researchers at Doctor Web revealed a focused cyberattack by the hacker group Cavalry Werewolf on a Russian government-owned organization, as reported by HackRead. The attack, uncovered in July 2025, featured a phishing campaign using password-protected archives to distribute a new backdoor called BackDoor.ShellNET.1. This malware enabled remote command execution and the introduction of additional tools like Trojan.FileSpyNET.5 for data theft. The perpetrators employed open-source frameworks and custom backdoors, managed implants via Telegram bots, and tampered with popular software to launch secondary malware. Cavalry Werewolf's strategies, such as spear-phishing emails and custom backdoors, present a significant threat to government agencies and industrial firms. To bolster cybersecurity, individuals should validate downloads using tools like VirusTotal and prioritize official platforms for software installation. Source: HackRead