New Head Mare
Head Mare is a hacktivist group that emerged in 2023 on the social network X (formerly Twitter), publicly revealing information about its victims, including stolen internal documents and screenshots. The group exclusively targets companies in Russia and Belarus, employing advanced phishing tactics and custom malware, such as PhantomDL and PhantomCore.
Key Findings:
Targeted Regions: Focuses solely on organizations in Russia and Belarus.
Phishing Campaigns: Uses phishing emails with RAR archives that exploit the CVE-2023-38831 vulnerability in WinRAR for initial access.
Malware: Deploys custom malware (PhantomDL and PhantomCore) and ransomware (LockBit for Windows, Babuk for Linux/ESXi) to encrypt victims’ devices and demand ransoms.
Victim Industries: Affected sectors include government, transportation, energy, manufacturing, and entertainment.
Motivation: Likely aims to cause maximum damage in the context of the Russo-Ukrainian conflict, with financial extortion as a secondary goal.