Hail0117 Hackers attacked the Darkwatchman virus on the eve of 17:00

HIVE0117 Cyberpreeprient Group organized a large -scale identity hunting attack on Russian companies using Bad Software (VPO) Darkwatchman. The attack took place just before May 29th and affected media, tourism, finance, insurance sector, production, retail, energy, telecommunications and biotechnological organizations. This was reported as “Gazeta.ru” in F6’s press service.

According to cyber security experts, HAVE0117 is a financially motivated group that has been monitored since February 2022. VPO is known for the use of Darkwatchman and the execution of mass identity hunting mails. The attackers mimic communication from real organizations, form and reuse the infrastructure for their attacks. His goals were previously defined not only in Russia, but also in Belarus, Lithuania, Estonia and Kazakhstan.

On April 29, a specific campaign recorded by F6 threat intelligence experts was a large E -Posta Bulletin. The F6 managed XDR system found more than 550 messages and prevented. The letters were sent from an address hidden for “documents dated 04.29.2025” and institutional correspondence.

Investments, “04.29.2025.Rrar dated Dok-You”, “04.29.2025.rar documents” or “04.29.2025.rar documents such as the archives protected by password. The opening of such an archive has launched an infection chain that led to an installation of the attacked system of the modified version of VPO Darkwatchman.

Darkwatchman’s distinctive feature is the ability to secretly move, which means standard anti -virus protection. The fact that an attack on a long weekend is an attack shows the desire of cyber criminals to benefit from the possible reduction in the festival period and the possible decrease in the operational response.

Previously OutputThe new vulnerability in the air allows computer pirates to listen to AirPlay support devices.