VERY IMPORTANT

A new hacking group called Punishing Owl has emerged, targeting Russian critical infrastructure. Their first attack on December 12, 2025, compromised a Russian state security agency, leaking internal documents. The group used DNS manipulation, created fake subdomains, and sent phishing emails to the victim's partners. They employed a PowerShell stealer called ZipWhisper to exfiltrate browser data. Punishing Owl's attacks are politically motivated and focus exclusively on Russian targets, including government agencies, scientific institutions, and IT organizations. The group has established a presence on cybercriminal forums and social media, likely operating from Kazakhstan. Experts predict this group will continue to be a persistent threat in the Russian cyberspace.