Recent cybersecurity reports highlight significant threats from Russian-linked hacking groups. Cado Security Labs identified a spearphishing email campaign targeting tech executives via DocuSign.

Concurrently, the Turla group, associated with Russia, has been exploiting infrastructure from a Pakistani hacking group to conduct espionage against Afghan and Indian government targets, utilizing custom malware named TwoDash and Statuezy. Additionally, the Russian FSB has breached the Pakistani APT group Storm-0156. Researchers from Microsoft and Lumen's Black Lotus Labs also noted that Turla hackers are leveraging Pakistani hackers' servers for their operations.

In another development, phishing campaigns utilizing Cloudflare domains have more than doubled between 2023 and 2024, according to a report by Fortra.

Meanwhile, a new Android Trojan named DroidBot has emerged, targeting banking and cryptocurrency applications, with an estimated cost of $3,000. This malware is part of a broader trend of Trojan-as-a-Service models affecting European banks and crypto exchanges.

Furthermore, the Gamaredon threat actor is employing advanced tactics such as Cloudflare Tunnels and DNS fast-fluxing to conceal malware delivery systems, specifically targeting Ukrainian entities with GammaDrop malware.
More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader: https://t.co/YBUXl0Xprg by The Hacker News #infosec #cybersecurity #technology #news
Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware: https://t.co/JVURIVruk5 by The Hacker News #infosec #cybersecurity #technology #news
⚠️ Gamaredon threat actor is leveraging #Cloudflare Tunnels and DNS fast-fluxing to hide #malware delivery systems, targeting Ukrainian entities with GammaDrop malware. Learn about these advanced tactics: https://t.co/ov9uSfxTpd #cybersecurity #infosec