The Head Mare cyber group is using new tools to gain initial access and persistence in the system.
According to experts, the new attacks used a chain of several backdoors rather than the single backdoor seen in March 2025. The chain consists of the malicious software PhantomRemote, PhantomCSLoader, and PhantomSAgent. In addition, in some cases the attackers also set up SSH tunnels for remote access to the compromised infrastructure.
Kaspersky Lab noted:
The attackers were likely trying to bypass security measures, hoping that if one backdoor was detected, the others would remain in the system.
The attacks still begin with the distribution of malicious emails. This time, they contained an attachment with the PhantomRemote backdoor, allowing remote execution of commands on the infected device.
The attackers prepared a set of additional components in advance and used a chain of backdoors, PhantomCSLoader and PhantomSAgent, to gain persistence in the system. These components are written in different programming languages and use a similar model of interaction with the command-and-control server, but differ in their internal mechanisms of operation.