216.73.217.139

Punishing Owl Attacks Russia: A New Owl in the Hacktivists' Forest

· Published 04/02/2026 15:26 · Modified 04/02/2026 21:20

Export JSON

Essential information

Published
04/02/2026 15:26
Modified
04/02/2026 21:20
Tags
2026-02-04 bec attacks critical-infrastructure dns manipulation hacktivism phishing powershell stealer russia zipwhisper
Related entities
7 observables, 1 intrusion sets (apt), 14 techniques (mitre), 1 malware, 4 others

Description

A new hacking group called Punishing Owl has emerged, targeting Russian critical infrastructure. Their first attack on December 12, 2025, compromised a Russian state security agency, leaking internal documents. The group used , created fake subdomains, and sent emails to the victim's partners. They employed a called to exfiltrate browser data. Punishing Owl's attacks are politically motivated and focus exclusively on Russian targets, including government agencies, scientific institutions, and IT organizations. The group has established a presence on cybercriminal forums and social media, likely operating from Kazakhstan. Experts predict this group will continue to be a persistent threat in the Russian cyberspace.

External references