Date: 2025-05-01
Critical Infrastructure Security, Threat Intelligence, Malware
Updated DarkWatchman malware sets sights on Russia
Telecommunications, energy, finance, media, biotechnology, and tourism organizations across Russia have been subjected to attacks involving a new DarkWatchman malware version as part of a Hive0117 phishing campaign that is believed not to have any association with the ongoing Russia-Ukraine war, according to The Record, a news site by cybersecurity firm Recorded Future. Hive0117, which has been active since February 2022, distributed malicious emails with password-protected archives, which deployed the updated DarkWatchman malware that enabled keystroke logging, data exfiltration, and further payload delivery, according to a report from Russian cybersecurity company F6. Additional details regarding the origins of Hive0117 remain unclear, but the threat operation was previously reported to have spoofed organizations in Russia, Estonia, Belarus, Kazakhstan, and Lithuania. Such findings come as artificial intelligence and social engineering techniques were reported by Russian news media to have been increasingly leveraged by cyber scammers across the country for investment fraud schemes.
