Head Mare and Twelve: Joint attacks on Russian entities
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
Head Mare and Twelve, two hacktivist groups, have launched joint attacks on Russian companies. Head Mare has expanded its toolkit, now using tools previously associated only with Twelve, such as the CobInt backdoor. The attackers gained initial access through phishing emails and compromised contractors. They used various tools for reconnaissance, privilege escalation, lateral movement, and data exfiltration. The final goal was file encryption using LockBit 3.0 and Babuk ransomware. Overlaps in infrastructure, tactics, and tools suggest collaboration between the two groups. The attacks primarily targeted manufacturing, government, and energy sectors in Russia.
OPENCTI LABELS :
ransomware,cve-2023-38831,lockbit,hacktivism,cve-2021-26855,babuk,lockbit 3.0,cobint,infrastructure sharing,phantomjitter
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Head Mare and Twelve: Joint attacks on Russian entities