Pro-Ukraine hacker group Black Owl poses major threat to Russia, Kaspersky says | The Record from Recorded Future News

A little-known hacking group has emerged as a major threat to Russian state institutions and critical industries, carrying out attacks aimed at causing maximum disruption and extracting financial gain, according to a new report.

BO Team, also known as Black Owl, has been active since early 2024 and appears to operate independently, with its own arsenal of tools and tactics, researchers at Russian cybersecurity firm Kaspersky said.

Among the group's most disruptive operations was a cyberattack last month that reportedly wiped out about a third of Russia's national electronic court filing system. Ukrainian military intelligence (HUR) previously said it cooperated with BO Team on several operations, including breaches of Russia's federal digital signature authority and a scientific research center.

The group typically gains initial access to victims' systems through phishing emails containing convincing malicious attachments. Once inside, BO Team may wait weeks or even months before taking action, an unusual delay for hacktivists, who typically aim to destroy or steal data quickly. The group's evolving toolkit includes the backdoors DarkGate, BrockenDoor and Remcos.

After compromising a network, BO Team deletes backups and virtual infrastructure using tools like Microsoft's SDelete and, in some cases, deploys Babuk ransomware to encrypt data and demand payment, the researchers said. The hackers are known to disguise their malware as legitimate Windows software.

BO Team has exclusively targeted organizations in Russia, including state-run companies and entities in the technology, telecom and manufacturing sectors. The hackers often post about their attacks on Telegram, both to intimidate victims and draw media attention.

BO Team is a serious threat to Russian organizations because of its unusual approach to cyberattacks, Kaspersky said. Unlike other pro-Ukraine hacktivist groups, it shows little sign of coordination, collaboration or tool-sharing with others, setting it apart in Russia's current hacktivist landscape, researchers added.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

Copyright 2025 The Record from Recorded Future News