Hive0117 Hacker Group Targets Companies in Kazakhstan and Russia

The hacker group Hive0117 has launched cyberattacks against dozens of companies in Kazakhstan and Russia by sending fake emails disguised as messages from the Russian Federal Bailiff Service, Orda.kz reports.

Analysts at the F6 cybersecurity center, a Russian developer of anti-cybercrime solutions, identified a new wave of malicious emails linked to Hive0117. According to their findings, 51 companies were targeted — primarily in Russia, though the number of Kazakh businesses affected has not been specified.

Targets included banks, telecom operators, marketplaces, and firms in sectors ranging from logistics and construction to insurance and pharmaceuticals.

Hive0117 is a financially motivated cybercriminal group that has been conducting attacks since February 2022 using the DarkWatchman malware. The mailings are mass-scale. The attackers disguise themselves as legitimate organizations, registering mailing infrastructure and control domains, often reusing these domains,F6 explained.

The latest spike in activity was recorded on September 24, when emails carrying malware were sent under the guise of official judicial enforcement service notifications. Similar attacks had already taken place in June and July.

Orda.kz has submitted a request to the Information Security Committee for clarification on which Kazakhstani companies may have been among the targets.

Original Author: Nikita Drobny