Cyber·Monitoring
Shai-Hulud Supply-Chain Attack Trojanizes 19 PyPI Packages
PyPI repository (global online service)· Global4 Jun
5 reportsPROPCYCAS
MediumAI Refreshed
ClosedLow impactAI Generated
Pro-Ukraine BO Team & Head Mare Hacktivists Coordinate Cyber Attacks Against Russia – May 2026
Occurred 8 May 2026·Detected 10 May 2026·
🇷🇺 Russia (primary target); Ukraine-linked threat actors; Kaspersky analysis from Moscow1 reportCAT UKCLEnded 25 May 2026
CyberPolitical Violence & WarPropertyCyberCasualty & LiabilityWar Risk
Moscow-based cybersecurity firm Kaspersky has identified coordinated cyber activity between pro-Ukraine hacktivist groups BO Team and Head Mare, targeting Russian entities. Researchers found overlapping infrastructure and tools, including shared command-and-control systems operating on the same compromised host, suggesting active collaboration between the two groups. The operation reflects an escalating pattern of hacktivist coordination in the Russia-Ukraine cyber conflict.
AI-generated from linked source reports. See our correction policy.
Impact verdict
Low impact. LOW: Historical recalibration. The item has some risk relevance but no current concrete London Market loss pathway sufficient for Medium or High. No named insured loss estimate, major commercial asset damage, material closure, claims trigger, or pricing/capacity response is evidenced.
View assessment methodologyHow we grade what we know -- Known · Reported · Uncertain. Methodology →
Intelligence ledger
Each line expands in place to its underlying sourced claim.
Known4 lines
Kaspersky researchers identified overlapping infrastructure used by both BO Team and Head Mare▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Command-and-control systems from both groups were found operating on the same compromised host▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Both groups are described as pro-Ukraine actors targeting Russia▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Report published 8 May 2026▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Reported2 lines
The two groups appear to have coordinated or collaborated in their attack campaigns▾
structured linereported
No separate sourced-claim record is available for this line yet.
Shared tooling was identified across both groups' operations▾
structured linereported
No separate sourced-claim record is available for this line yet.
Uncertain3 lines
The full scope and targets of the coordinated attacks are not specified in the available content▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Whether this represents a formal alliance or opportunistic infrastructure sharing is unclear▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Extent of damage or disruption caused to Russian entities is unknown▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Geographic Zone Matches
3 active matches
- JWC Listed AreasRule-basedConfidence 100%
- OFAC Sanctioned CountriesRule-basedConfidence 100%
- EU Sanctions ListRule-basedConfidence 100%
Geographic zone matches are RiskEvents spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.
Affected countries
🇷🇺 Russia🇺🇦 Ukraine
Timeline
Status Change3 Jun 2026, 19:09
Lifecycle changed
signal → closed
Closure3 Jun 2026, 19:09
Event Closed
hygiene_sweep_stale
De-escalation25 May 2026, 16:52
Impact changed
medium → low
Initial Detection10 May 2026, 22:10
Initial Detection
Moscow-based cybersecurity firm Kaspersky has identified coordinated cyber activity between pro-Ukraine hacktivist groups BO Team and Head Mare, targeting Russian entities. Researchers found overlapping infrastructure and tools, including shared command-and-control systems operating on the same compromised host, suggesting active collaboration between the two groups. The operation reflects an escalating pattern of hacktivist coordination in the Russia-Ukraine cyber conflict.
Researchers at Moscow-based cybersecurity firm Kaspersky said they identified overlapping infrastructure and tools used by both groups — including command-and-control systems operating on the same compromised host — suggesting some coordination.
Source: The Record (Cyber) (Trade Media) · View source
Lloyd's classifications
Tracking this kind of risk? Get an email when Cyber events escalate.
Get alerts