Intensifies Attacks On Russia With PhantomCore

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

The Head Mare hacktivist group has escalated its campaign against Russian targets using the PhantomCore backdoor. The group delivers PhantomCore through deceptive ZIP archives containing malicious LNK files and executables disguised as archive files. This C++-compiled backdoor, which replaces the earlier GoLang versions, uses the Boost.Beast library for C&C communication. PhantomCore gathers victim information and then awaits further commands from the C&C server. The infection chain relies on PowerShell commands to extract and execute the malware. Head Mare's campaign spans various industries and may end with the deployment of ransomware such as LockBit and Babuk. The group's evolving tactics and its ability to collect data and deploy additional payloads highlight the ongoing threat to Russian organizations.

OPENCTI LABELS:

apt,backdoor,ransomware,russia,cve-2023-38831,lockbit,babuk,phantomcore,hacktivist,boost.beast
