BO Team phishing campaign targeting Russian companies with password-protected RAR archives
Campaign
Summary
BO Team ran an early September 2025 phishing campaign that targeted Russian companies and used password-protected RAR archives to deliver backdoor payloads. The operation mattered because it delivered BrockenDoor and ZeronetKit, expanding the group’s ability to gain access to victims’ systems. The activity is consistent with a targeted, multi-stage intrusion delivery chain rather than a one-off lure.
Related Happenings
Silver Fox tax-themed phishing campaign delivering ABCDoor and ValleyRAT
Campaign
First: 04.05.2026 14:57
Last: 04.05.2026 14:57
Sources 1
About this happening:
**Silver Fox** is running a **tax-themed phishing campaign** that now targets **India** with **Income Tax Department** lures and delivers **ValleyRAT (aka Winos 4.0)**. The campai...
North American cryptocurrency company hit by network compromise
Incident
First: 28.04.2026 11:00
Last: 28.04.2026 11:00
Sources 1
About this happening:
A **North American cryptocurrency company** suffered a **multi-stage intrusion** that began on **January 23, 2026**, and the attackers kept access for **66 days**. The foothold ca...
UNC6783 BPO compromise campaign targeting downstream companies
Campaign
First: 09.04.2026 00:46
Last: 09.04.2026 00:46
Sources 1
About this happening:
**UNC6783** is an active **BPO compromise campaign** targeting **business process outsourcers** and large enterprises to reach downstream environments for **extortion**. The opera...
Silver Fox South Asia phishing campaign
Campaign
First: 24.03.2026 18:00
Last: 24.03.2026 18:00
Sources 1
About this happening:
The **Silver Fox** campaign now includes **BYOVD** abuse of a previously unknown **WatchDog Anti-malware** driver, **amsdk.sys (version 1.0.600)**, to disable security tools on co...
DarkSword operators phishing and watering-hole campaign
Campaign
First: 18.03.2026 23:15
Last: 18.03.2026 23:15
Sources 1
About this happening:
**DarkSword** operators ran a **cross-border phishing and watering-hole campaign** using an **iPhone exploit chain** against users in **Saudi Arabia** and **Ukraine**, with additi...
Timeline
- 26.09.2025 15:45 · 2 articles
BO Team phishing campaign targeting Russian companies with password-protected RAR archives
Initial Disclosure: In **early September 2025**, **BO Team** began using **password-protected RAR archives** in a phishing operation against **Russian companies**. The initial delivery stage was designed to introduce **BrockenDoor** and **ZeronetKit** through a staged attachment-based workflow.
- New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks — thehackernews.com — 26.09.2025 15:45