Hacker group Librarian Ghouls attacked Russian devices for crypto mining

Golden Finance reports that the hacker group Librarian Ghouls (also known as Rare Werewolf) has infiltrated hundreds of Russian devices and is using them for crypto mining. The organization spreads malware through phishing emails disguised as legitimate organizations, establishing remote connections after infecting the devices and disabling security systems such as Windows Defender. Hackers collect information on the device's RAM, CPU cores, and GPU to optimize the configuration of the crypto mining program. The hacker incident began in December 2023, with the attack primarily affecting industrial enterprises and engineering schools in Russia, as well as some victims in Belarus and Kazakhstan. Kaspersky speculates that Librarian Ghouls may be hacker activists, as they rely on legitimate third-party tools rather than developing their own malware, which is a technique commonly used by similar organizations.