Most of the targets were employees in financial departments.
Multiple Russian companies across different industries have been compromised with LockBit 3.0 ransomware.
Infected by newly identified hacking operation DarkGaboon during an attack campaign this spring, the group used Russian-language emails with financial document-spoofing attachments to lure targets, according to The Record.
Most of the targets were employees in financial departments. Additional evidence of data theft was not determined but the group's ransom notes had email addresses tied to LockBit-based attacks against Russia over two years ago, said Positive Technologies researchers, who also disclosed DarkGaboon's exploitation of XWorm, RevengeRAT, and other open-source tools to conceal malicious activity.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
