May 03, 2022

Hive0117 Phishing Campaigns

Industry: Electronic, Industrial, Telecommunication | Level: Strategic | Source: SecurityIntelligence

Security intelligence from IBM Security X-Force shared research, from tracking financially motivated threat group, Hive0117’s latest phishing campaigns. Identified in February 2022, the campaign targets sectors in electronic, industrial, and telecommunications to deploy DarkWatchman, a remote access trojan (RAT). The email campaigns masquerade as communication from the Russian Government’s Federal Bailiffs Service, targeting company leaders in Lithuania, Estonia, and Russia. Activity from this campaign doesn’t appear to be related to the Russia and Ukraine conflict. The motive is suspected to “enable illegal access to numerous distributed clients and end-users” by compromising telecommunication providers and their respective suppliers.