Find notable cyber news and cases, enriched with sources, timelines, and signals.

BO Team phishing campaign targeting Russian companies with password-protected RAR archives

Campaign
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

BO Team ran an early September 2025 phishing campaign that targeted Russian companies and used password-protected RAR archives to deliver backdoor payloads. The operation mattered because it delivered BrockenDoor and ZeronetKit, expanding the group’s ability to gain access to victims’ systems. The activity is consistent with a targeted, multi-stage intrusion delivery chain rather than a one-off lure.

Related Happenings

Silver Fox tax-themed phishing campaign delivering ABCDoor and ValleyRAT

Campaign
H score36 First: 04.05.2026 14:57 Last: 04.05.2026 14:57 Sources 1

About this happening: **Silver Fox** is running a **tax-themed phishing campaign** that now targets **India** with **Income Tax Department** lures and delivers **ValleyRAT (aka Winos 4.0)**. The campai...

North American cryptocurrency company hit by network compromise

Incident
H score31 First: 28.04.2026 11:00 Last: 28.04.2026 11:00 Sources 1

About this happening: A **North American cryptocurrency company** suffered a **multi-stage intrusion** that began on **January 23, 2026**, and the attackers kept access for **66 days**. The foothold ca...

The Gentlemen affiliate-driven RaaS expansion and enterprise scale-up

Threat Actor Meta
H score57 First: 21.04.2026 17:00 Last: 21.04.2026 17:00 Sources 1

About this happening: **The Gentlemen** ransomware-as-a-service operation is using an operator-maintained **EDR-killer** portfolio, led by **GentleKiller**, to disable security software before encrypti...

UNC6783 BPO compromise campaign targeting downstream companies

Campaign
H score65 First: 09.04.2026 00:46 Last: 09.04.2026 00:46 Sources 1

About this happening: **UNC6783** is an active **BPO compromise campaign** targeting **business process outsourcers** and large enterprises to reach downstream environments for **extortion**. The opera...

Silver Fox South Asia phishing campaign

Campaign
H score34 First: 24.03.2026 18:00 Last: 24.03.2026 18:00 Sources 1

About this happening: The **Silver Fox** campaign now includes **BYOVD** abuse of a previously unknown **WatchDog Anti-malware** driver, **amsdk.sys (version 1.0.600)**, to disable security tools on co...

Timeline

  1. 26.09.2025 15:45 2 articles · 9mo ago

    BO Team phishing campaign targeting Russian companies with password-protected RAR archives

    Initial Disclosure

    In **early September 2025**, **BO Team** began using **password-protected RAR archives** in a phishing operation against **Russian companies**. The initial delivery stage was designed to introduce **BrockenDoor** and **ZeronetKit** through a staged attachment-based workflow.

    Show sources