Mphasis
Russian Power Companies Targeted by Decoy Dog Trojan
Pages: 2
Time to read: 3 mins
Publication:
Language: English
This technical report details the infiltration of Russian power companies, IT firms, and government agencies by the Decoy Dog Trojan, attributed to the HellHounds threat group. First documented in November 2023, the malware has compromised 48 victims across various sectors, including the telecom and space industries. The report explains the attack vectors employed by HellHounds, including the use of compromised SSH login credentials to gain access to systems and the distribution of a Windows variant of Decoy Dog during Operation Lahat. The malware is noted for its use of DNS tunneling for communication and its ability to maintain covert access to infected hosts. The report also lists indicators of compromise, including specific domains and file hashes associated with the malware. Recommendations for security administrators emphasize blocking the identified IOCs, conducting security assessments, and applying the principle of least privilege across systems.