
Kaspersky Lab has published its first comprehensive technical analysis of cyber groups most actively targeting Russian organizations. The report details 14 groups, outlining their tactics, tools, and the confirmed links between them.
Experts identified three primary clusters of attackers. The first consists of hacktivists motivated by ideology and intent on disrupting infrastructure. Among them are TWELVE, BlackJack, Head Mare, C.A.S., and Crypt Ghouls.
The second cluster comprises APT groups conducting sophisticated cyber-espionage campaigns. This category includes Awaken Likho, Angry Likho, GOFFEE, Cloud Atlas, Librarian Likho (formerly known as Librarian Ghouls), Mythic Likho, and XDSpy.
The third, described by researchers as hybrid, brings together actors with a distinctive signature—BO TEAM and Cyberpartisans.
The analysis revealed that these attackers frequently coordinate their efforts, employ shared tools, and even divide responsibilities: some secure access to infrastructure, while others maintain persistence within systems and inflict damage.
Since 2022, the number of groups operating against Russia has surged, driven largely by hacktivists. By 2025, they had become more experienced, establishing knowledge-sharing networks, refining their toolsets, and actively seeking public attention. At least seven new groups have emerged this year alone.
The top three targets are the government sector, industry, and telecommunications. Notably, adversaries show equal interest in both major corporations and smaller enterprises.
The technical sophistication of attacks has also escalated. Tools once confined to research labs or Red Team exercises are increasingly deployed in real-world incidents—evidence that adversaries are studying professional publications closely and adapting advanced methods to their own ends.
Since 2022, Russia has remained the most targeted nation in cyberspace. The foremost threat to organizations is hacktivism, which is growing in scale and becoming more refined in execution, with methods pioneered by one group swiftly replicated by others.