Punishing Owl Attacks Russia: A New Owl in the Hacktivists' Forest

Feb. 4, 2026, 9:20 p.m.

Description

A new hacking group called Punishing Owl has emerged, targeting Russian critical infrastructure. Their first attack, on December 12, 2025, compromised a Russian state security agency and leaked internal documents. The group used DNS manipulation, created fake subdomains, and sent phishing emails to the victim's partners. They employed a PowerShell stealer called ZipWhisper to exfiltrate browser data. Punishing Owl's attacks are politically motivated and focus exclusively on Russian targets, including government agencies, scientific institutions, and IT organizations. The group has established a presence on cybercriminal forums and social media, and is likely operating from Kazakhstan. Experts predict this group will continue to be a persistent threat in Russian cyberspace.

Date

  • Created: Feb. 4, 2026, 3:26 p.m.
  • Published: Feb. 4, 2026, 3:26 p.m.
  • Modified: Feb. 4, 2026, 9:20 p.m.

Indicators


Attack Patterns

Additional Information

  • Technology
  • Defense
  • Government
  • Russian Federation