DarkWatchman

Malware updated 5 months ago (2024-05-04T18:00:32.096Z)
DarkWatchman is a fileless remote access trojan with keylogging, system-information collection and secondary-payload delivery capabilities. "Fileless" here means the implant keeps its code and collected data in the Windows registry rather than in files on disk, which sidesteps file-based antivirus scanning. It is delivered through phishing emails and malicious downloads, and once running it can steal credentials and personal data, disrupt operations and stage additional malware on the host.

The malware has been associated with recent attacks on Russian banks, telecom operators, logistics firms and technology companies. These attacks were recorded by F.A.C.C.T. and used a phishing email disguised as a newsletter from a Russian courier delivery service. The lure is consistent with earlier campaigns by Hive0117, a group known for imitating official correspondence from the Russian government in phishing emails that deliver DarkWatchman.

IBM X-Force separately uncovered a phishing campaign, likely run by Hive0117, that delivered DarkWatchman to individuals at major energy, finance, transport and software-security organisations in Russia, Kazakhstan, Latvia and Estonia. The emails mimicked military conscription summons, a lure chosen to create urgency and raise the likelihood that recipients open the attachment.
Description last updated: 2024-05-04T16:17:22.553Z
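The description above gives two hunting leads: phishing-delivered script execution and fileless, registry-resident persistence. The following is an added example, not code from the original page or from any of the cited reports, showing how a detection engineer might turn those leads into checks over endpoint telemetry. It assumes a constructed, simplified key=value event format modelled loosely on Sysmon process-creation (id=1) and registry-value-set (id=13) events; the parent-process list, path patterns and the 400-byte blob threshold are assumptions for illustration, not indicators taken from DarkWatchman samples.

```python
import re

# Heuristic 1: a script host started by a mail client or archiver, running a
# script from a user-writable location (typical of a phishing attachment chain).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
LURE_PARENTS = {"outlook.exe", "thunderbird.exe", "winrar.exe", "7zfm.exe", "7zg.exe"}  # assumption
USER_WRITABLE = re.compile(r"\\(AppData\\Local\\Temp|Downloads|Desktop)\\", re.I)       # assumption

# Heuristic 2: autorun values that launch a script host or inline script, and
# unusually large values written under HKCU\Software (a fileless implant has to
# keep its code somewhere; the registry is the usual choice).
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
BLOB_MIN_LEN = 400  # assumption: legitimate command lines are rarely this long

# Constructed sample telemetry (not real DarkWatchman data); quoted values may contain spaces.
SAMPLE_EVENTS = [
    r'id=1 image="C:\Windows\System32\wscript.exe" parent="C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE" cmdline="wscript.exe //E:jscript C:\Users\ivan\AppData\Local\Temp\Rar$DIa0.123\Summons.js"',
    r'id=1 image="C:\Windows\System32\wscript.exe" parent="C:\Windows\explorer.exe" cmdline="wscript.exe \\dc01\netlogon\map_drives.vbs"',
    r'id=13 target="HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater" details="mshta.exe javascript:eval(new ActiveXObject(Shell.Application))"',
    r'id=13 target="HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive" details="C:\Users\ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"',
    r'id=13 target="HKCU\Software\7f3a1c\payload" details="' + "A" * 450 + '"',
]

FIELD = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_event(line):
    """Parse one key=value event line into a dict; quoted values keep their spaces."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in FIELD.finditer(line)}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def check_process(evt):
    """Flag script hosts spawned by a lure-handling parent with a script in a user-writable path."""
    if evt.get("id") != "1":
        return None
    image, parent = basename(evt.get("image", "")), basename(evt.get("parent", ""))
    if image in SCRIPT_HOSTS and parent in LURE_PARENTS and USER_WRITABLE.search(evt.get("cmdline", "")):
        return f"{image} spawned by {parent} running a script from a user-writable path"
    return None


def check_registry(evt):
    """Flag autorun values that launch script hosts/inline script and large blobs under HKCU\\Software."""
    if evt.get("id") != "13":
        return None
    target, details = evt.get("target", ""), evt.get("details", "")
    low = details.lower()
    if RUN_KEY.search(target):
        if any(h in low for h in SCRIPT_HOSTS) or "javascript:" in low or "vbscript:" in low:
            return "Run key value launches a script host or inline script"
        if len(details) >= BLOB_MIN_LEN:
            return "Run key value is an unusually long blob"
    elif target.lower().startswith("hkcu\\software\\") and len(details) >= BLOB_MIN_LEN:
        return "large blob written under HKCU\\Software (possible registry-resident payload)"
    return None


def hunt(lines):
    """Return (line_number, reason) for every event that trips a heuristic."""
    findings = []
    for n, line in enumerate(lines, 1):
        evt = parse_event(line)
        for check in (check_process, check_registry):
            reason = check(evt)
            if reason:
                findings.append((n, reason))
    return findings


if __name__ == "__main__":
    for n, reason in hunt(SAMPLE_EVENTS):
        print(f"event {n}: {reason}")
```

Events 2 and 4 (a logon script launched from explorer.exe and a normal OneDrive autorun) are deliberately benign and must not fire; tuning the parent list and the blob threshold against your own environment's baseline is the real work, and a hit on heuristic 2 is a cue to dump and decode the registry value rather than a verdict on its own.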
Aliases: none currently tracked

Miscellaneous Associations (other elements of context that could aid in identifying relevance):
- Malware
- Downloader
- Payload
- Phishing
- Keylogging
Source Document References
Information about the DarkWatchman malware was read from the document corpus listed below (display limited to 20 results).

Source - Created
CERT-EU - a year ago
SecurityIntelligence.com - a year ago
SecurityIntelligence.com - a year ago
SecurityIntelligence.com - a year ago
SecurityIntelligence.com - a year ago
SecurityIntelligence.com - a year ago
CERT-EU - a year ago
CERT-EU - a year ago
CERT-EU - a year ago
CERT-EU - a year ago
CERT-EU - a year ago
CERT-EU - a year ago
MITRE - 2 years ago
CERT-EU - 2 years ago
CERT-EU - a year ago
CERT-EU - a year ago
CERT-EU - a year ago