The Librarian Ghouls hacker group has been accused of using compromised devices in Russia to mine cryptocurrency, according to cybersecurity firm Kaspersky. The group gained access to hundreds of Russian systems through phishing emails disguised as official communications. 💻 After infecting victims’ computers with malware, the hackers disable security features and program the machines to mine crypto at specific times, then steal login credentials to maintain control. This allows the attackers to optimize their mining operations before deploying the miner. Kaspersky reported that the campaign began in December 2024 and has targeted primarily industrial enterprises and engineering schools in Russia, with additional victims reported in Belarus and Kazakhstan. The hackers have been observed using legitimate third-party software for malicious purposes, which aligns with tactics often employed by similar groups.