Scaly Wolf Unleashing Attacks to Expose Organizations’ Hidden Secrets
gbhackers
The Scaly Wolf advanced persistent threat (APT) gang has once again targeted a Russian engineering company, this time in a sophisticated attack discovered by Doctor Web’s analysts. The repeat operation shows that the group is determined to obtain corporate secrets.
This incident, occurring in mid-2025, echoes a similar assault in 2023, where the group employed modular backdoors to infiltrate networks.
The latest operation began in early May 2025 with a barrage of phishing emails masquerading as financial documents.
These emails contained deceptive PDF decoys and password-protected ZIP archives housing executables disguised as PDFs through double extensions like “Акт Сверки.pdf.exe.”
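A defender-side check for the double-extension lure described above, as an added example that is not from the original article: it reads ZIP member names and flags a decoy document extension followed by an executable one. The extension sets, function names and sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Extensions Windows runs on double-click (non-exhaustive; an assumption of this example).
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}
# Document types typically used as the decoy "inner" extension (also an assumption).
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt", "jpg", "png"}

def double_extension(name):
    """Return (decoy_ext, real_ext) if name looks like 'report.pdf.exe', else None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    base = base.rstrip(". ").lower()
    # Allow whitespace padding before the real extension ("a.pdf      .exe").
    m = re.search(r"\.([a-z0-9]{1,5})\s*\.([a-z0-9]{1,5})$", base)
    if m and m.group(1) in DECOY and m.group(2) in EXECUTABLE:
        return m.group(1), m.group(2)
    return None

def scan_zip(data):
    """Return (member_name, (decoy, real), is_encrypted) for suspicious members."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            pair = double_extension(info.filename)
            if pair:
                # Bit 0 of the flags marks a password-protected entry; with traditional
                # ZIP encryption the member name itself stays readable.
                hits.append((info.filename, pair, bool(info.flag_bits & 0x1)))
    return hits

def sample_zip():
    """Constructed sample archive (harmless placeholder contents, not real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("Акт Сверки.pdf.exe", "readme.txt", "Invoice.PDF   .scr", "notes.v1.2.pdf"):
            zf.writestr(name, b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for name, pair, encrypted in scan_zip(sample_zip()):
        print(f"suspicious member: {name!r} decoy=.{pair[0]} real=.{pair[1]} encrypted={encrypted}")
```

Because the check works on names alone, a mail gateway can apply it to archives whose contents it cannot decrypt.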

Cyber Espionage Campaign
Upon execution, these files deployed Trojan.Updatar.1, a downloader designed to fetch subsequent malware components, including Trojan.Updatar.2 and Trojan.Updatar.3, forming the core of the Updatar modular backdoor.
This backdoor facilitates data exfiltration, system reconnaissance, and persistent access, with enhancements ...
Copyright of this story solely belongs to gbhackers.