Pro-Ukraine BO Team and Head Mare hackers appear to team up in attacks against Russia
Researchers at Moscow-based cybersecurity firm Kaspersky said they identified overlapping infrastructure and tools used by both groups — including command-and-control systems operating on the same compromised host — suggesting some coordination.
A pro-Ukraine hacktivist group known as BO Team appears to be coordinating its cyber operations with another group, Head Mare, in attacks targeting Russian organizations, according to a new report.
Researchers at Moscow-based cybersecurity firm Kaspersky said they identified overlapping infrastructure and tools used by both groups — including command-and-control systems operating on the same compromised host — suggesting some coordination.
In previous reports, Kaspersky said BO Team, also known as Black Owl, operates more autonomously than other pro-Ukraine hacktivist groups, with its own resources and approaches to deploying malicious tools.
Source: https://therecord.media/ukraine-bo-team-head-mare-hacktivists-team-up-kaspersky
Related breach coverage
- North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware2026-05-07
Researchers at cybersecurity firm ESET attributed the campaign to APT37 and said the hackers used a backdoor attached to a suite of card games from a company called Sqgame.
- Hackers compromise Daemon Tools in global supply-chain attack, researchers say2026-05-06
Researchers at Kaspersky said attackers tampered with installers for Daemon Tools — a popular program used to mount disk images as virtual drives — and distributed them through the software’s official website.
- Educational tech firm Instructure data breach may have impacted 9,000 schools2026-05-05
Instructure, maker of the Canvas learning platform, is investigating a cyber incident that exposed users’ personal data. Instructure is a U.S.-based educational technology company best known for developing Canvas, one of the world’s most widely used learning management systems (LMS). The U.S. firm confirrmed a cybersecurity incident that exposed users’ personal information. The company is working with external […]
- Vendor Says Daemon Tools Supply Chain Attack Contained2026-05-07
The software developer has identified the impacted systems, removed potentially compromised files, and validated installation packages. The post Vendor Says Daemon Tools Supply Chain Attack Contained appeared first on SecurityWeek.