BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Phishing Campaign in Russia Deploys Phantom Stealer via ISO Files

Phishing Campaigns Target Russian Finance, HR, and Aerospace Sectors with Advanced Malware and Credential Theft Tools

  • A phishing campaign named Operation MoneyMount-ISO targets Russian finance and accounting sectors using emails with malicious ISO attachments.
  • The Phantom Stealer Malware in the ISO files steals cryptocurrency wallet data, credentials, and monitors user activity, sending stolen data via Telegram or Discord.
  • Another campaign called DupeHike uses phishing emails to deliver DUPERUNNER implant and AdaptixC2 framework to Russian human resources and payroll departments.
  • Multiple phishing operations also exploit Russian finance, legal, and aerospace sectors to deploy Hacking tools like Cobalt Strike, Formbook, and PhantomRemote using compromised company email servers.
  • French Cybersecurity firm attributes cyberattacks on the Russian aerospace industry to Ukrainian-aligned hacktivists using phishing pages hosted on IPFS and Vercel to steal credentials.

Cybersecurity researchers have uncovered ongoing phishing campaigns targeting diverse sectors within Russia, notably finance, accounting, human resources, and aerospace. The campaign known as Operation MoneyMount-ISO, identified by Seqrite Labs, employs phishing emails disguised as payment confirmations. These emails include ZIP attachments containing ISO files, which mount as virtual drives and launch the Phantom Stealer malware. This malware collects sensitive information from cryptocurrency wallets, authentication tokens, passwords, cookies, credit card data, and logs keystrokes. It transmits stolen data via Telegram bots or Discord webhooks, with capabilities to transfer files to FTP servers. Details are available on the Seqrite blog here.

- Advertisement -

Another phishing operation, called DupeHike and linked to a threat group UNG0902, targets Russian human resources and payroll units. It uses emails involving bonus payments to deliver a ZIP file containing decoys and an LNK shortcut file. The LNK downloads the DUPERUNNER implant, which executes the open-source AdaptixC2 command-and-control framework by injecting it into legitimate Windows processes. More information on DupeHike is available from Seqrite here.

Additional spear-phishing campaigns have focused on Russian finance, legal, and aerospace sectors. These deliver malicious tools such as Cobalt Strike, Formbook, DarkWatchman, and PhantomRemote that enable data theft and remote control. The attackers operate by using the email servers of compromised Russian companies to send phishing messages. Further details on these operations can be found at Seqrite here.

A French cybersecurity company, Intrinsec, has linked recent cyberattacks on the Russian aerospace industry to Ukrainian-aligned hacktivists. Detected between June and September 2025, the attacks overlap with known clusters such as Hive0117 and Rainbow Hyena. They use phishing login pages hosted on the InterPlanetary File System (IPFS) and Vercel to steal Microsoft Outlook and company credentials. According to Intrinsec, the efforts target entities collaborating with Russia’s military during ongoing conflict and Western sanctions. More details are provided on Intrinsec’s website here.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

- Advertisement -

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

New Linux KVM Bug Lets Guest Crash Host

A critical vulnerability dubbed 'Januscape' (CVE-2026-53359) allows a guest virtual machine to panic or...

Microsoft lays off 1,600, refocuses Xbox on AI

Microsoft is laying off approximately 1,600 Xbox employees immediately and eliminating another 1,250 roles...

China-linked hackers target Indian taxpayers via tax phishing

A suspected China-nexus cyber campaign named Operation DragonReturn is targeting Indian taxpayers and financial...

Alphabet Launches Two New AI Models, Eyes Stock Boost

Alphabet launches two new AI models, Nano Banana 2 Lite and Gemini Omni Flash,...

Nvidia’s Kyber AI rack delayed to 2028: report

NVIDIA's next-generation Kyber server rack, designed for Rubin Ultra chips, is delayed to 2028...

Must Read

How to Buy Dedicated Hosting With Crypto

In this article I am going to show you how to buy dedicated hosting with crypto from one of the best European hosting providers...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading