Threat Intelligence
Black Owl hacktivist group significantly imperils Russia

Telecommunications, technology, and manufacturing organizations, as well as state entities, across Russia have faced a pressing threat since early last year from Black Owl, a seemingly independent pro-Ukraine hacktivist operation also known as BO Team, reports The Record, a news site by cybersecurity firm Recorded Future.
BO Team has used malicious emails to infiltrate targeted systems, which were compromised with the DarkGate, Remcos, and BrockenDoor backdoors weeks or months after initial access, indicating a shift from hacktivists' usually accelerated data exfiltration activities, according to an analysis from Kaspersky. Aside from removing backups and virtual infrastructure, BO Team also spread Babuk ransomware under the guise of legitimate Windows software to facilitate data extortion in certain intrusions, said the researchers, who also noted the group's lack of partnerships and infrastructure sharing with other hacktivist operations. "BO Team is a serious threat to Russian organizations because of its unusual approach to cyberattacks," added Kaspersky.