IBM’s X-Force warns of ongoing cyberattacks by the Russian-aligned group Hive0156 targeting Ukrainian military and government entities using spear-phishing and Remcos RAT malware. The campaigns have evolved from military-themed decoys to formal documents, with sophisticated infection chains and strategic command infrastructure. #Hive0156 #Remcos
Key points
- Hive0156 is a Russian-aligned threat group targeting Ukrainian military and government organizations.
- The group uses spear-phishing campaigns with decoy documents referencing military and strategic themes.
- The infection chain involves deploying a hijack loader that downloads a ZIP archive with malicious components.
- Remcos RAT is the primary malware used, offering extensive remote administration capabilities.
- Hive0156 maintains a global network of C2 servers and employs strategic filtering techniques for payload delivery.