Head Mare and Twelve: Joint attacks on Russian entities | Securelist

Head Mare and Twelve, two hacktivist groups, collaborated on attacks targeting Russian companies in September 2024. The attackers used a mix of familiar and new tools, including CobInt and PhantomJitter backdoors, and exploited vulnerabilities like CVE-2023-38831 and CVE-2021-26855. They employed techniques like masquerading and removing artifacts to evade detection.