Critical Infrastructure Security, Malware, Threat Intelligence

New Decoy Dog trojan for Windows deployed against Russia

Magnifying glass found the Russia map among computer binary code

Attacks with the Windows version of the Decoy Dog malware have been deployed by the advanced persistent threat operation HellHounds against 48 telecommunications, IT, government, and space industry entities across Russia, reports The Hacker News.

Aside from leveraging a custom loader to distribute Decoy Dog for Windows, HellHounds — which has been actively attacking Russian organizations since 2021 — has also tapped a custom 3snake version to facilitate credential compromise in Linux-based hosts, according to a Positive Technologies report. Further analysis revealed that breached Secure Shell login credentials have also been used by HellHounds to infiltrate at least two of its victims.

"The attackers have long been able to maintain their presence inside critical organizations located in Russia. Although virtually all of the Hellhounds toolkit is based on open-source projects, the attackers have done a fairly good job modifying it to bypass malware defenses and ensure prolonged covert presence inside compromised organizations," said researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.