Punishing Owl Attacks Russia: A New Owl in the Hacktivists' Forest
Essential information
- Published
- 04/02/2026 15:26
- Modified
- 04/02/2026 21:20
- Tags
- 2026-02-04 bec attacks critical-infrastructure dns manipulation hacktivism phishing powershell stealer russia zipwhisper
- Related entities
- 7 observables, 1 intrusion sets (apt), 14 techniques (mitre), 1 malware, 4 others
Description
A new hacking group called Punishing Owl has emerged, targeting Russian critical infrastructure. Their first attack on December 12, 2025, compromised a Russian state security agency, leaking internal documents. The group used DNS manipulation, created fake subdomains, and sent phishing emails to the victim's partners. They employed a PowerShell stealer called ZipWhisper to exfiltrate browser data. Punishing Owl's attacks are politically motivated and focus exclusively on Russian targets, including government agencies, scientific institutions, and IT organizations. The group has established a presence on cybercriminal forums and social media, likely operating from Kazakhstan. Experts predict this group will continue to be a persistent threat in the Russian cyberspace.