Hive0117’s Malware Mischief: Russian Firms Fall for DarkWatchman Prank

In a plot twist worthy of a spy novel, the Hive0117 group has unleashed a new variant of the DarkWatchman malware on Russian firms. Just like an email from your long-lost uncle, these phishing attacks are as sneaky as ever. Even antivirus software is throwing its hands up in defeat.

Hot Take:

Looks like Hive0117 is taking a page out of the hacker’s handbook titled “How to Ruin Your Weekend.” Just when you thought it was safe to take a long holiday, this cybercrime group decided to gift Russian firms with a malware masquerade ball, featuring the new and improved DarkWatchman. Who needs a break when you can have a breach?

Key Points:

  • Hive0117 is targeting a wide range of sectors in Russia with phishing attacks.
  • The group is using a modified version of the DarkWatchman malware.
  • The phishing campaign was detected by F6 Threat Intelligence on April 29, 2025.
  • Emails were sent with the subject “Documents from 04/29/2025” to appear legitimate.
  • The campaign strategically coincided with a long weekend to exploit reduced vigilance.

The Nimble Nerd