DarkHydrus is a threat actor, also known as LazyMeerkat, G0079, Obscure Serpens. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does DarkHydrus exploit?

Specific CVE exploitation data for DarkHydrus is being tracked. Check the Strobes VI threat actor profile for updates.

DarkHydrus

Also known as: LazyMeerkat, G0079, Obscure Serpens

Exploited CVEs

Overview

In July 2018, Unit 42 analyzed a targeted attack using a novel file type against at least one government agency in the Middle East. It was carried out by a previously unpublished threat group we track as DarkHydrus. Based on our telemetry, we were able to uncover additional artifacts leading us to believe this adversary group has been in operation with their current playbook since early 2016. This attack diverged from previous attacks we observed from this group as it involved spear-phishing emails sent to targeted organizations with password protected RAR archive attachments that contained malicious Excel Web Query files (.iqy).

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database

Quick Actions