Wednesday, May 7, 2025

DarkHydrus – Malicious Hackers Group using Open-source Phishing Tool to Steal Credentials


The newly discovered cyber espionage group DarkHydrus is carrying out credential-harvesting attacks against government entities and educational institutions in the Middle East. DarkHydrus used the open-source Phishery tool to carry out the targeted attacks.

Palo Alto Networks observed an ongoing spear-phishing email campaign with the subject “Project Offer” that carries malicious Word documents as attachments.

DarkHydrus Campaign

When the user opens the malicious Word document attached to the phishing email, the document attempts to load a template from a remote server; that request pops up an authentication dialog box asking the user to enter login credentials.

The authentication prompt connects to the domain [“<redacted>.0utl00k[.]net”], which is the C&C server of the cyber espionage group DarkHydrus. The attackers use 0utl00k[.]net, which resembles Microsoft’s legitimate “outlook.com”, to make the user less suspicious.


Once the user enters credentials in the dialog box, they are sent to the attackers’ C&C server; the dialog box then disappears and an empty document opens.

Palo Alto Networks researchers also found two other malicious Word documents using the domain 0utl00k[.]net, associated with campaigns in September and November 2017. Both campaigns appear to target one particular organization.

Of the three malicious Word documents, two were created with the Phishery tool, which provides the ability to inject a URL into a .docx Word document and to host the C&C server that collects the credentials.

DarkHydrus carries out all of its credential-harvesting attacks with weaponized Word documents created through the Phishery tool, and it continues to target government and educational institutions.

IoC

Samples
d393349a4ad00902e3d415b622cf27987a0170a786ca3a1f991a521bff645318
9eac37a5c675cd1750cd50b01fc05085ce0092a19ba97026292a60b11b45bf49
0b1d5e17443f0896c959d22fa15dadcae5ab083a35b3ff6cb48c7f967649ec82
C&C Server IP and Domain
0utl00k[.]net
107.175.150[.]113
195.154.41[.]150
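The indicators above are most useful when run against web-proxy or firewall logs. The script below is an added example, not part of the article or of any vendor tooling: it keeps the indicators exactly as published (defanged), refangs them for matching, and scans a constructed proxy log for three things: destinations under the DarkHydrus domain, connections to the listed C&C addresses, and, as a behavioural heuristic that is this example's assumption rather than a claim from the article, an Office client receiving an HTTP 401 authentication challenge from a host that is not a known template server. The log layout, the trusted-host list and every sample line are constructed; non-IoC addresses use RFC 5737 documentation ranges.

```python
import re
from urllib.parse import urlparse

# Indicators published in the article, kept defanged exactly as given.
IOC_DOMAINS = {"0utl00k[.]net"}
IOC_IPS = {"107.175.150[.]113", "195.154.41[.]150"}
IOC_SHA256 = {
    "d393349a4ad00902e3d415b622cf27987a0170a786ca3a1f991a521bff645318",
    "9eac37a5c675cd1750cd50b01fc05085ce0092a19ba97026292a60b11b45bf49",
    "0b1d5e17443f0896c959d22fa15dadcae5ab083a35b3ff6cb48c7f967649ec82",
}

# Hosts Office is legitimately expected to fetch templates from (assumption).
TRUSTED_TEMPLATE_HOSTS = {"templates.example.com"}


def refang(ioc: str) -> str:
    """Turn a defanged indicator ('0utl00k[.]net') back into a matchable string."""
    return ioc.replace("[.]", ".")


DOMAINS = {refang(d) for d in IOC_DOMAINS}
IPS = {refang(i) for i in IOC_IPS}

# Constructed log layout (assumption): ts src_ip dst_ip method url status "user-agent"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<method>[A-Z]+) '
    r'(?P<url>\S+) (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


def known_sample(sha256_hex: str) -> bool:
    """True if a file hash is one of the three documents listed in the article."""
    return sha256_hex.lower() in IOC_SHA256


def host_matches(host: str, domains: set[str]) -> bool:
    """True if host equals, or is a subdomain of, any domain in the set."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(rec: dict) -> list[str]:
    """Return the reasons a parsed log record is suspicious (empty list if none)."""
    reasons = []
    host = (urlparse(rec["url"]).hostname or "").lower()
    if host_matches(host, DOMAINS):
        reasons.append("destination host matches DarkHydrus domain IoC")
    if rec["dst"] in IPS:
        reasons.append("destination IP matches DarkHydrus C&C IoC")
    # Heuristic (assumption): Office itself being challenged for credentials by a host
    # we do not serve templates from is the pattern a remote-template lure produces.
    if (rec["status"] == "401" and "Microsoft Office" in rec["ua"]
            and host not in TRUSTED_TEMPLATE_HOSTS):
        reasons.append("Office client got auth challenge from untrusted template host")
    return reasons


def scan_log(text: str) -> list[dict]:
    """Parse each line and keep only those with at least one detection reason."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed or blank line
        rec = m.groupdict()
        reasons = classify(rec)
        if reasons:
            hits.append({"ts": rec["ts"], "src": rec["src"],
                         "url": rec["url"], "reasons": reasons})
    return hits


# Constructed sample proxy lines (timestamps and internal addresses are made up).
SAMPLE_LOG = """\
2024-01-15T09:12:01Z 10.1.2.3 107.175.150.113 GET https://mail.0utl00k.net/template.dotm 401 "Microsoft Office Word 2013"
2024-01-15T09:12:05Z 10.1.2.3 107.175.150.113 GET https://mail.0utl00k.net/template.dotm 200 "Microsoft Office Word 2013"
2024-01-15T09:13:10Z 10.1.2.9 198.51.100.20 GET https://outlook.office365.com/owa/ 200 "Mozilla/5.0"
2024-01-15T09:14:00Z 10.1.2.7 195.154.41.150 GET http://195.154.41.150/ 200 "curl/7.58.0"
2024-01-15T09:15:00Z 10.1.2.8 203.0.113.5 GET https://intranet.example.net/corp.dotm 401 "Microsoft Office Word 2016"
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ts"], hit["src"], hit["url"], "->", "; ".join(hit["reasons"]))
```

The first line is the interesting one: it trips all three checks at once, which is what a Phishery-style template fetch looks like from the proxy's side. The last line matches only the heuristic, so it would need triage rather than an automatic block.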

How to stay safe

1. Use a unique email address.
2. Do not open any attachments without proper validation.
3. Don’t open unsolicited emails.
4. Use spam filters and anti-spam gateways.
5. Never respond to spam emails.


Balaji
BALAJI is an ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder of Cyber Security News & GBHackers On Security.
