Critical Infrastructure Security, Threat Intelligence, Malware

Updated DarkWatchman malware sets sights on Russia


Telecommunications, energy, finance, media, biotechnology, and tourism organizations across Russia have been targeted with a new version of the DarkWatchman malware as part of a Hive0117 phishing campaign that is believed to be unconnected to the ongoing Russia-Ukraine war, according to The Record, a news site by cybersecurity firm Recorded Future.

Hive0117, which has been active since February 2022, distributed malicious emails carrying password-protected archives that deployed the updated DarkWatchman malware, enabling keystroke logging, data exfiltration, and further payload delivery, according to a report from Russian cybersecurity company F6.

Additional details regarding the origins of Hive0117 remain unclear, but the threat operation was previously reported to have spoofed organizations in Russia, Estonia, Belarus, Kazakhstan, and Lithuania.

Such findings come as Russian news media have reported that cyber scammers across the country are increasingly leveraging artificial intelligence and social engineering techniques in investment fraud schemes.
