
Novel payloads launched in Russia-targeted phishing campaign


The Cavalry Werewolf threat operation has launched attacks spreading the new FoalShell and StallionRAT payloads against state agencies and energy, manufacturing, and mining firms across Russia as part of a new phishing campaign that ran between May and August, reports The Hacker News.

Cavalry Werewolf, which overlaps with ShadowSilk, YoroTrooper, Silent Lynx, and Tomiris, has used malicious emails spoofing Kyrgyzstan government employees to distribute FoalShell and StallionRAT, which enable arbitrary command execution, as well as the ReverseSocks5Agent and ReverseSocks5 tools and device information gathering commands, according to findings from BI.ZONE.

The findings indicate the ongoing expansion of Cavalry Werewolf's attack arsenal, which requires immediate analysis of its tools to support prompt detection and prevention measures, said BI.ZONE researchers.

At least 500 organizations across Russia were previously reported by BI.ZONE to have been targeted by hacktivists and other threat operations over the past year, with most of the attacks involving public web app breaches.
