Unknown hacker group targeted Russian maritime universities, diplomats for nearly two years

Kaspersky discovered a previously undetected, multi-year hacking campaign targeting Russian maritime universities, energy companies, diplomatic missions, government agencies and financial institutions. The actors used phishing ZIP attachments containing a malicious Excel configuration file to execute code and deployed a publicly available post-exploitation framework called Ravage; activity featured long dormant periods and a renewed wave beginning in January. Kaspersky did not attribute the campaign or describe observed post-compromise objectives or the total number of affected organizations.