Head Mare is a hacktivist group that first made itself known in 2023 on the social network X (formerly Twitter). In their public posts, the attackers reveal information about some of their victims, including organization names, internal documents stolen during attacks, and screenshots of desktops and administrative consoles.
By analyzing incidents in Russian companies, Kaspersky researchers identified how Head Mare conducts its attacks, the tools it uses, and established the group’s connection with the PhantomDL malware.
Read more…
Source: Kaspersky
Related:
- Malware in 2025 spread far beyond Windows PCs
December 29, 2025
If there’s one thing that became very clear in 2025, it’s that malware is no longer focused on Windows alone. We’ve seen some major developments, especially in campaigns targeting Android and macOS. Unfortunately, many people still don’t realize that protecting smartphones, tablets, and other connected devices is just as essential as securing their laptops. Banking Trojans ...
- Accused data thief threw MacBook into a river to destroy evidence
December 29, 2025
South Korean e-tailer Coupang claims a former employee has admitted to improperly accessing data describing 33 million of its customers, but says the accused deleted the stolen data. In a post published on Christmas, Coupang revealed it worked with Mandiant, Palo Alto Networks, and Ernst & Young, to conduct a forensic investigation into the incident, and ...
- South Korea: Shinhan Card reports massive data breaches
December 26, 2025
Shinhan Card, one of the country’s top credit card issuers, reported a massive data leak Tuesday. The Seoul-based company said more than 190,000 cases of potential data exposure have been identified that involve merchant partners’ personal and business information. The incident seems to stem from employee actions rather than an external cyberattack. Against this backdrop, Shinhan ...
- Threat landscape for industrial automation systems in Q3 2025
December 25, 2025
In Q3 2025, the percentage of ICS computers on which malicious objects were blocked decreased from the previous quarter by 0.4 pp to 20.1%. This is the lowest level for the observed period. Regionally, the percentage of ICS computers on which malicious objects were blocked ranged from 9.2% in Northern Europe to 27.4% in Africa. The most ...
- Hackers stole over $2.7B in crypto in 2025, data shows
December 23, 2025
Cybercriminals stole $2.7 billion in crypto this year, a new record for crypto-stealing hacks, according to blockchain-monitoring firms. Once again, in 2025, there were dozens of crypto heists hitting several cryptocurrency exchanges and other web3 and decentralized finance (DeFi) projects. The biggest hack by far was the breach at Dubai-based crypto exchange Bybit, where hackers stole ...
- Nissan says Red Hat breach affected thousands of customers
December 23, 2025
Japanese car giant Nissan has confirmed losing sensitive data on thousands of people as a result of a third-party supply chain attack. In a press release, the company said the recent attack on Red Hat affected its customers, as well, as the latter was commissioned by Nissan to develop a customer management system for one of ...