In-Depth Analysis: Water Gamayun APT Multi-Stage Attack Uncovered

ID: 318e39e2-d7c3-583d-96b0-82525c44713f

STIX ID: report--318e39e2-d7c3-583d-96b0-82525c44713f

Feed Name: Zscaler Security Research Blog

Threat Score: 85/100

Date Published: 2025-11-25

Date Updated: 2026-05-01

Technical analysis of a Water Gamayun (Russia-aligned) APT campaign: a compromised BELAY Solutions site redirected visitors to belaysolutions.link, which served a double-extension RAR archive masquerading as a PDF. The archive dropped a malicious .msc snap-in that, when opened with mmc.exe, executed Base64-encoded PowerShell. That script downloaded UnRAR.exe and a password-protected RAR, compiled a C# helper (WinHpXN) to hide console windows and display a decoy PDF, and ultimately deployed a persistent loader (ItunesC.exe) that likely installs backdoors or stealers. Several filenames and URLs are provided as IOCs; because the C2 was non-responsive during analysis, the exact malware family could not be confirmed.