A cybercrime group called DarkGaboon has been conducting targeted ransomware attacks on Russian companies across multiple sectors, using LockBit 3.0 ransomware and phishing emails in Russian. Although their methods are similar to other LockBit operations, DarkGaboon operates independently and primarily targets financial departments with malicious documents. #DarkGaboon #LockBit3.0 #RussianCyberattacks
Keypoints
- DarkGaboon is a threat actor targeting Russian organizations with ransomware since 2023.
- The group uses Russian-language phishing emails to infect networks and deploy LockBit 3.0 ransomware.
- They rely on phishing templates from legitimate Russian sources, remaining consistent over time.
- Recent attacks showed no evidence of data exfiltration, only encryption and ransom notes in Russian.
- DarkGaboon operates independently with tools like Revenge RAT, XWorm, and LockBit, complicating attribution.
Read More: https://therecord.media/new-hacker-group-lockbit-target-russia