Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations


C.A.S (Cyber Anarchy Squad) is a hacktivist group that has been attacking organizations in Russia and Belarus since 2022. Besides data theft, its goal is to inflict maximum damage, including reputational. To this end, the group’s attacks exploit vulnerabilities in publicly available services and make extensive use of free tools.

Kaspersky latest investigation unearthed new activity by the group, explored the attack stages, and analyzed the tools and malware used. In addition, we discovered links between C.A.S and other hacktivist groups, such as the Ukrainian Cyber Alliance and DARKSTAR. Like most hacktivist groups, C.A.S uses Telegram as a platform to spread information about victims. We found a channel that posts news and messages about the group’s attacks and ideology, as well as a chat hosting a discussion of its activities.

Read more…
Source: Kaspersky


Sign up for our Newsletter


Related:

  • The story of the year: ransomware in the headlines

    December 7, 2021

    In the past twelve months, the word “ransomware” has popped up in countless headlines worldwide across both print and digital publications: The Wall Street Journal, the BBC, the New York Times. It is no longer just being discussed by CISOs and security professionals, but politicians, school administrators, and hospital directors. Words like Babuk and REvil ...

  • Two Birds With One Stone: An Introduction To V8 And JIT Exploitation

    December 7, 2021

    In this special blog series, ZDI Vulnerability Researcher Hossein Lotfi looks at the exploitation of V8 – Google’s open-source high-performance JavaScript and WebAssembly engine – through the lens of a bug used during Pwn2Own Vancouver 2021. The contest submission from Bruno Keith and Niklas Baumstark exploited both Google Chrome and Microsoft Edge (Chromium) with the ...

  • State of Cybersecurity in Germany in 2021

    December 7, 2021

    According to Germany’s Federal Office for Information Security (BSI), the country faces a grave and growing threat as society becomes more digitally connected and criminals more sophisticated. The BSI said threat levels have reached red alarm levels. Threat level increased BSI published their annual report “The State of IT Security in Germany in 2021.” It highlights that ...

  • Emotet now drops Cobalt Strike, fast forwards ransomware attacks

    December 7, 2021

    In a concerning development, the notorious Emotet malware now installs Cobalt Strike beacons directly, giving immediate network access to threat actors and making ransomware attacks imminent. Emotet is a malware infection that spreads through spam emails containing malicious Word or Excel documents. These documents utilize macros to download and install the Emotet Trojan on a victim’s ...

  • NICKEL targeting government organizations across Latin America and Europe

    December 6, 2021

    The Microsoft Threat Intelligence Center (MSTIC) has observed NICKEL, a China-based threat actor, targeting governments, diplomatic entities, and non-governmental organizations (NGOs) across Central and South America, the Caribbean, Europe, and North America. MSTIC has been tracking NICKEL since 2016 and observed some common activity with other actors known in the security community as APT15, APT25, ...

  • U.S. State Department phones hacked with Israeli company spyware

    December 3, 2021

    Apple Inc iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, according to four people familiar with the matter. The hacks, which took place in the last several months, hit U.S. officials either based in Uganda or focused on matters concerning ...