ComicForm Hackers Deploy Formbook Malware in Phishing Campaign Targeting Multiple Sectors

A previously undocumented hacking group, identified as ComicForm, has been active since at least April 2025, targeting organizations across Belarus, Kazakhstan, and Russia. According to an analysis by cybersecurity firm F6, the group has been conducting phishing campaigns to deploy Formbook malware, targeting a wide range of sectors including industry, finance, tourism, biotechnology, research, and commerce.

Formbook is a well-known information stealer that has been used in numerous campaigns to exfiltrate sensitive data, including credentials, screenshots, and keystrokes. The use of Formbook by ComicForm suggests that the group is focused on data theft, which could be for financial gain, espionage, or other malicious purposes.

The broad range of targeted sectors indicates that ComicForm may be conducting opportunistic attacks rather than highly targeted ones. However, the inclusion of biotechnology and research sectors could suggest a more targeted approach for intellectual property theft.

The emergence of ComicForm highlights the ongoing threat of phishing campaigns and the use of established malware by new threat actors. Organizations in the targeted regions and sectors should be vigilant against phishing attempts and ensure that their endpoint protection solutions are capable of detecting and blocking Formbook malware.

This campaign underscores the importance of continuous cybersecurity awareness training for employees to recognize and report phishing attempts. Additionally, organizations should implement robust email filtering solutions to prevent malicious emails from reaching end-users.

The use of Formbook by a new group also suggests that the malware is still effective and widely available, possibly through underground markets or malware-as-a-service platforms. This highlights the need for ongoing threat intelligence sharing and collaboration among cybersecurity professionals to stay ahead of emerging threats.

In conclusion, the ComicForm campaign serves as a reminder of the persistent threat posed by phishing and malware attacks. Organizations should remain vigilant and proactive in their cybersecurity defenses to mitigate the risks associated with such campaigns.