Summary: A report by Kaspersky Labs reveals collaboration between hacktivist groups Head Mare and Twelve in a series of attacks against Russian companies in September 2024. They are utilizing shared tools and infrastructure, including the new Cobint backdoor, indicating a coordinated approach in their cyber offensive tactics. The report explores the evolution of their techniques, tools, and methods of attack, highlighting the use of phishing, software vulnerabilities, and new persistence mechanisms for maintaining access to compromised systems.
Affected: Russian companies
Keypoints :
- Evidence of collaboration between Head Mare and Twelve, sharing tools and C2 servers.
- Introduction of the Cobint backdoor and independent development of the PhantomJitter backdoor.
- Exploitation of software vulnerabilities while changing persistence methods by creating privileged local users.
- Stark similarities in TTPs, with the use of common tools for reconnaissance and exploitation.
- Ongoing modifications to attack vectors, including a shift from purely phishing attacks to exploiting trusted contractor relationships.