Paper Werewolf — Threat Actor Profile, Campaigns & Targets

Threat entity extracted from intelligence sources

Frequency
4
occurrences
First Seen
December 11, 2025
Last Seen
May 15, 2026

Paper Werewolf is a apt_group tracked across 3 threat clusters and 4 intelligence report mentions on ThreatCluster. First observed December 11, 2025; most recent activity May 15, 2026.

Related Threat Clusters

  • Mini Shai-Hulud Supply Chain Attack Targets SAP npm Packages

    A new supply chain attack, dubbed 'Mini Shai-Hulud', has compromised multiple npm packages related to SAP's Cloud Application Programming Model (CAP). This attack involves injecting malicious preinstall scripts into…

    680 articles · Updated April 29, 2026
  • Exploitation of WinRAR Path Traversal Flaw Continues Amid CISA Warning

    The CVE-2025-8088 vulnerability in WinRAR is being exploited by various threat actors for initial access and to deploy malware. The flaw allows attackers to use Alternate Data Streams to write malicious files to…

    12 articles · Updated January 27, 2026
  • AI-Driven Cyberespionage Targets Russian Defense Firms

    Russian technology companies involved in air defense and sensitive electronics have been targeted by a cyberespionage group utilizing AI-generated decoy documents. This operation, revealed by cybersecurity firm Intezer,…

    5 articles · Updated December 19, 2025

Recent Intelligence Reports

  • Shai-Hulud goes open-source — News.Risky.Biz · May 15, 2026
  • Pro-Ukrainian Hackers Target Russian Defense Contractors – Reuters — Themoscowtimes · December 19, 2025
  • With AI! Hackers hit Russian defense firms - ФАКТИ.БГ — Fakti.Bg · December 19, 2025
  • WinRAR bug added to CISA KEV catalog — Scworld · December 11, 2025

CVSS v3.1 Breakdown