Researchers at IBM X-Force recently identified a new phishing campaign, most likely conducted by a financially motivated threat group currently labelled Hive0117. The campaign spoofs Russian Department of Justice email addresses and official communications, specifically purporting to be emails from the Russian Government’s Federal Bailiffs Service. The Russian-language emails are addressed to members of organizations, often company owners or other individuals with elevated access, in Lithuania, Estonia, and Russia in the Telecommunications, Electronic and Industrial sectors. The targeted organizations include subsidiaries of international companies operating in those regions. The emails contain zip files with Russian-language names such as “Performance List”, “Writ of Execution”, and “Invoice”, which subsequently load the DarkWatchman JavaScript backdoor. The attacks predate the Ukraine-Russia war, beginning in February 2022, and are not currently attributed by X-Force researchers to state-sponsored activity.
Using Microsoft Sentinel to Detect Confluence CVE-2022-26134 Exploitation
By Akshay Rohatgi and Randy Pargman

About this Student Research Project

Binary Defense’s mission is