Hacker group Librarian Ghouls attacks Russian equipment for cryptocurrency mining

The hacking group Librarian Ghouls (also known as Rare Werewolf) has hacked into hundreds of Russian devices and used them for cryptocurrency mining. The group spread malicious software through phishing emails disguised as legitimate organizations, infecting devices to establish remote connections and disable security systems such as Windows Defender. Hackers collect information on devices' RAM, CPU cores, and GPUs to optimize the configuration of cryptocurrency mining programs.
The hack, which began in December 2023, mainly affected industrial companies and engineering schools in Russia, with victims also in Belarus and Kazakhstan. Kaspersky speculated that Librarian Ghouls may be hacktivists because they rely on legitimate third-party tools rather than developing their own malicious programs, a technique commonly used by similar groups.