Head Mare, a hacktivist group focused on Russia, gained notoriety in 2023 by targeting organizations in Russia and Belarus. It uses phishing to distribute WinRAR archives that exploit the CVE-2023-38831 vulnerability, gaining initial access to victims' systems. Once inside, the group steals sensitive data and encrypts devices using LockBit and Babuk ransomware. Its toolset and tactics align with those of other groups attacking Russian entities, suggesting possible connections or shared resources.

Image: Head Mare post on X

Head Mare targets Russian and Belarusian organizations with sophisticated techniques for initial access and persistence: it leverages CVE-2023-38831 in WinRAR to deliver its malicious PhantomDL and PhantomCore payloads. These malware samples communicate with the attackers' command-and-control servers, identify the infected domain, and persist on the system through registry keys and scheduled tasks.
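CVE-2023-38831 abuses how vulnerable WinRAR versions open a file from an archive: when the archive holds a lure file whose name ends in a space and a same-named directory containing an executable with that same prefix, opening the lure also runs the executable. The following scanner is an added example written for this article (not code from the report or from GBHackers) that flags archives with that layout so mail gateways or triage scripts can quarantine them; it assumes ZIP archives, and the fixture it builds is constructed, inert text with no payload.

```python
import io
import zipfile

# Extensions ShellExecute will run; the lure usually poses as a document (assumed list).
EXECUTABLE_EXTS = {".cmd", ".bat", ".exe", ".com", ".vbs", ".js", ".ps1", ".scr"}


def find_cve_2023_38831_pattern(zip_bytes: bytes) -> list[dict]:
    """Return (lure, payload) pairs whose ZIP layout matches CVE-2023-38831.

    Pattern: a top-level file whose name ends in a space ("report.pdf "),
    a directory of exactly the same name ("report.pdf /"), and inside it a
    file that starts with that name and carries an executable extension.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
    findings = []
    for lure in names:
        # Only top-level regular files with a trailing space can act as the lure.
        if lure.endswith("/") or "/" in lure or not lure.endswith(" "):
            continue
        folder = lure + "/"
        for entry in names:
            if not entry.startswith(folder) or entry == folder:
                continue
            inner = entry[len(folder):]
            if "/" in inner:  # only direct children of the shadow directory matter
                continue
            _stem, dot, ext = inner.rpartition(".")
            if inner.startswith(lure) and dot and ("." + ext.lower()) in EXECUTABLE_EXTS:
                findings.append({"lure": lure, "payload": entry})
    return findings


def build_fixture() -> bytes:
    """Constructed test archive that only mimics the layout; contents are inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf ", "inert lure document")
        zf.writestr("invoice.pdf /invoice.pdf .cmd", "inert placeholder text")
        zf.writestr("readme.txt", "benign file")
    return buf.getvalue()


def build_benign() -> bytes:
    """Constructed archive with an ordinary layout, used as the negative case."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", "plain document")
        zf.writestr("attachments/notes.txt", "more text")
    return buf.getvalue()
```

A hit is a strong structural indicator regardless of file contents, so it suits a pre-delivery block rule rather than a post-detonation signature.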
Source: GBHackers