Head Mare and Twelve: Joint attacks on Russian entities

Published 13/03/2025 14:58 · Modified 13/03/2025 19:27

Essential information

Tags
2025-03-13 CVE-2021-26855 CVE-2023-38831 babuk cobint hacktivism infrastructure sharing lockbit lockbit 3.0 phantomjitter ransomware
Related entities
1 intrusion sets (apt), 25 techniques (mitre), 6 malware, 4 others

Description

Head Mare and Twelve, two hacktivist groups, have launched joint attacks on Russian companies. Head Mare has expanded its toolkit, now using tools previously associated only with Twelve, such as the backdoor. The attackers gained initial access through phishing emails and compromised contractors. They used various tools for reconnaissance, privilege escalation, lateral movement, and data exfiltration. The final goal was file encryption using and . Overlaps in infrastructure, tactics, and tools suggest collaboration between the two groups. The attacks primarily targeted manufacturing, government, and energy sectors in Russia.

External references