Manufacturing, government, transportation, environmental, and energy organizations in Russia and Belarus have been targeted with phishing attacks by the hacktivist group Head Mare since last year, The Hacker News reports.
According to a Kaspersky analysis, Head Mare gains initial access by exploiting CVE-2023-38831, a WinRAR vulnerability (not a VMware flaw, as it is sometimes misreported), delivered through phishing attachments: the bug lets a specially crafted archive execute a script when the victim opens what appears to be a harmless document, and it was fixed in WinRAR 6.23. The group then deploys the PhantomDL and PhantomCore backdoors, which are used to fetch additional payloads. Persistence on compromised hosts is established through scheduled tasks and registry values. For post-exploitation, the attackers rely on the open-source command-and-control framework Sliver together with Mimikatz, ngrok, and rsockstun for credential harvesting, tunneling, lateral movement, and network discovery, before finally deploying the LockBit and Babuk ransomware strains against Windows and Linux systems, respectively, Kaspersky researchers said. "The tactics, methods, procedures, and tools used by the Head Mare group are generally similar to those of other groups associated with clusters targeting organizations in Russia and Belarus within the context of the Russo-Ukrainian conflict," the researchers said.