
More advanced malware tapped by Arcane Werewolf in Russia-targeted attacks

Multiple manufacturing organizations across Russia have been targeted by the cyberespionage operation Arcane Werewolf, also known as Mythic Likho, using the more sophisticated Loki 2.1 malware toolkit, according to GBHackers News. In an October campaign, Arcane Werewolf delivered the Loki 2.0 loader through phishing emails whose links redirected to websites spoofing Russian manufacturers and lured targets into downloading ZIP archives containing malicious LNK files; a month later, the group used the same tactics to deploy the Loki 2.1 dropper, a report from BI.ZONE showed. Loki 2.1 bundled the malicious chrome_proxy.pdf loader together with a decoy PDF document, and the newer version identifies commands by a streamlined ordinal number scheme rather than the djb2 hash values that Loki 2.0 mapped its commands to. Beyond file management and code execution, Loki 2.1 also supports Beacon Object File execution, Windows access token manipulation, process termination, and changes to its sleep interval, BI.ZONE researchers said.
