Date: 2025-03-24

Government- and privately-controlled organizations in Russia have been targeted in new joint intrusions by the Head Mare and Twelve hacktivist operations, with Head Mare previously found to have used tools and command-and-control servers linked to Twelve, The Hacker News reports.

Head Mare exploited known security vulnerabilities, including the ProxyLogon flaw, to deploy the CobInt backdoor, which is associated with the Twelve, ExCobalt, and Crypt Ghouls groups, as well as the PhantomJitter implant. It then used various tools for reconnaissance, lateral movement, remote host communications, and data transfers before distributing the LockBit 3.0 and Babuk ransomware payloads, an analysis from Kaspersky revealed. Organizations subjected to the intrusions were then urged to communicate with the hackers via Telegram for file decryption.

The findings come after BI.ZONE reported that North Korean state-backed threat operation APT37, also known as ScarCruft, Ricochet Chollima, Reaper, and Squid Werewolf, targeted a Russian industrial firm in a December attack resembling the SHROUDED#SLEEP campaign in October.
Threat Intelligence
Russia subjected to suspected joint Head Mare, Twelve attacks