this post was submitted on 13 Mar 2025

In September 2024, a series of attacks targeted Russian companies, revealing indicators of compromise and tactics associated with two hacktivist groups: Head Mare and Twelve. Our investigation showed that Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents. This suggests potential collaboration and joint campaigns between the two groups.

The attackers continue to refine their methods, employing both familiar tools from past Head Mare incidents and new PowerShell-based tools.

This report analyzes the software and techniques observed in recent Head Mare attacks and how these overlap with Twelve’s activities. The focus is on Head Mare’s TTPs and their evolution, with notes on commonalities with Twelve’s TTPs.
