September 3, 2024 at 09:54AM
Head Mare, a hacktivist group active since 2023, targets organizations in Russia and Belarus using advanced methods. Exploiting a recent WinRAR vulnerability, the group conceals and delivers malicious payloads effectively. It employs ransomware like LockBit and Babuk, with tools such as PhantomDL and PhantomCore, and is linked to the Russo-Ukrainian conflict. The group’s tactics resemble those of similar clusters targeting the region.
From the meeting notes, it is clear that a hacktivist group known as Head Mare has been identified as the perpetrator of cyber attacks targeting organizations in Russia and Belarus. The group utilizes sophisticated methods and tools, exploiting vulnerabilities such as CVE-2023-38831 in WinRAR to gain unauthorized system access and deliver malicious payloads. Additionally, they have been observed using custom-made malware, including PhantomDL and PhantomCore, along with open-source tools like Sliver for their attacks.
Targets of Head Mare’s attacks encompass various sectors such as government, transportation, energy, manufacturing, and the environment. They also employ ransomware such as LockBit for Windows and Babuk for Linux (ESXi) to encrypt victims’ devices and demand ransom for data decryption.
The group’s tactics involve disguising their malware as legitimate applications and distributing them via phishing campaigns using double extensions in filenames. They also deploy scheduled tasks and registry values to conceal their activities as tasks related to Microsoft software.
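The two masquerading tactics just described (a decoy document extension in front of an executable one, and scheduled tasks filed under Microsoft-looking names) lend themselves to simple host-side checks. The script below is an added example written for this page, not code from the original report or from any vendor tool: it flags double-extension filenames and Microsoft-named tasks whose program runs from outside the usual system directories. Every filename, task name and path in it is a constructed sample rather than an indicator from the report, and the trusted-directory list and environment-variable aliases are assumptions to be tuned per environment.

```python
"""Heuristic checks for two masquerading tactics: double-extension filenames
and scheduled tasks posing as Microsoft tasks. Added example; the sample data
below is constructed and is not taken from the Head Mare report."""

# Extensions that execute on Windows when double-clicked.
EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs", ".js",
            ".hta", ".lnk", ".msi"}
# Decoy "document" extensions an attacker places in front of the real one.
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt", ".jpg",
           ".png"}
# Directories from which a Microsoft-named task would legitimately run
# (assumption of this example). C:\Windows\Temp and C:\Windows\Tasks are
# user-writable, so they are treated as suspicious despite the prefix.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\",
                "c:\\program files (x86)\\")
WRITABLE_SYSTEM_DIRS = ("c:\\windows\\temp\\", "c:\\windows\\tasks\\")
ENV_ALIASES = {"%windir%": "c:\\windows", "%systemroot%": "c:\\windows",
               "%programfiles%": "c:\\program files"}


def _suffixes(filename: str) -> list:
    """All extensions of a filename, lower-cased, with padding spaces removed
    (attackers pad 'report.pdf    .exe' to push the real extension out of view)."""
    name = filename.strip().replace("\\", "/").rsplit("/", 1)[-1]
    parts = name.split(".")
    return ["." + p.strip().lower() for p in parts[1:] if p.strip()]


def is_double_extension_masquerade(filename: str) -> bool:
    """True for names like 'report.pdf.exe' or 'invoice.docx .scr', where a
    decoy document extension precedes an executable one."""
    suffixes = _suffixes(filename)
    if len(suffixes) < 2:
        return False
    return suffixes[-1] in EXEC_EXT and any(s in DOC_EXT for s in suffixes[:-1])


def action_program(action: str) -> str:
    """Extract the program path from a task action, dropping arguments and
    expanding the few environment variables used in the sample data."""
    action = action.strip()
    if action.startswith('"'):
        program = action[1:action.find('"', 1)]
    else:
        program = action.split(" ", 1)[0]
    program = program.lower()
    for alias, real in ENV_ALIASES.items():
        program = program.replace(alias, real)
    return program


def is_masquerading_task(task_path: str, action: str) -> bool:
    """Flag a task filed under a Microsoft-looking folder whose program lives
    outside the trusted system directories, or inside a writable one."""
    if "microsoft" not in task_path.lower():
        return False
    program = action_program(action)
    if program.startswith(WRITABLE_SYSTEM_DIRS):
        return True
    return not program.startswith(TRUSTED_DIRS)


# Constructed samples for demonstration (not indicators from the report).
SAMPLE_FILENAMES = ["contract.pdf.exe", "invoice.docx .scr", "photo.jpg",
                    "tool.exe", "backup.tar.gz"]
SAMPLE_TASKS = [
    (r"\Microsoft\Windows\WindowsUpdate\Scheduled Start",
     r"%windir%\system32\sc.exe start wuauserv"),            # legitimate
    (r"\Microsoft\Windows\Defender\Update",
     r'"C:\Users\Public\Libraries\update.exe" -s'),          # user-writable path
    (r"\Microsoft\Windows\Maintenance\Cleanup",
     r"C:\Windows\Temp\svc.exe"),                            # writable system dir
    (r"\Backup\Nightly", r"C:\Tools\backup.exe"),            # not Microsoft-named
]


def scan_filenames(names):
    """Return the filenames that use the double-extension masquerade."""
    return [n for n in names if is_double_extension_masquerade(n)]


def scan_tasks(tasks):
    """Return task paths whose Microsoft-style name hides a non-system program."""
    return [path for path, action in tasks if is_masquerading_task(path, action)]


if __name__ == "__main__":
    print("double-extension files:", scan_filenames(SAMPLE_FILENAMES))
    print("suspicious tasks:", scan_tasks(SAMPLE_TASKS))
```

In practice the task list would come from an export of the Task Scheduler library (task path plus its action command) and the filenames from mail-gateway or endpoint logs; the heuristics are deliberately conservative, so a hit is a triage lead rather than a verdict.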
Head Mare’s operations exhibit similarities to those of other groups associated with clusters targeting organizations in Russia and Belarus within the context of the Russo-Ukrainian conflict, yet they differentiate themselves by using custom-made malware and exploiting relatively new vulnerabilities.
In summary, the meeting notes provide significant insights into the tactics, procedures, and tools employed by Head Mare and their distinction within the context of cyber attacks targeting specific regions and sectors.