Summary: A financially motivated hacker group, Hive0117, is targeting various Russian industries through a phishing campaign using modified DarkWatchman malware. The attacks involve phishing emails with password-protected archives that, once opened, allow hackers to record keystrokes and deploy additional malware. The group’s activities are not linked to the ongoing cyber conflict between Russia and Ukraine, and their origins remain unknown.
Affected: Russian companies across multiple sectors
Key points:
- Hive0117 has targeted industries including media, tourism, biotechnology, finance, energy, and telecommunications.
- The phishing campaign uses emails disguised as military conscription notices to lure victims.
- Researchers report that the group has been active since February 2022 and has impersonated legitimate organizations in multiple countries.
- Recent reports indicate a rise in scams using AI and social engineering tactics in Russia.
Source: https://therecord.media/darkwatchman-malware-russia-cybercrime-hive0117