Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations


C.A.S (Cyber Anarchy Squad) is a hacktivist group that has been attacking organizations in Russia and Belarus since 2022. Besides data theft, its goal is to inflict maximum damage, including reputational. To this end, the group’s attacks exploit vulnerabilities in publicly available services and make extensive use of free tools.

Kaspersky latest investigation unearthed new activity by the group, explored the attack stages, and analyzed the tools and malware used. In addition, we discovered links between C.A.S and other hacktivist groups, such as the Ukrainian Cyber Alliance and DARKSTAR. Like most hacktivist groups, C.A.S uses Telegram as a platform to spread information about victims. We found a channel that posts news and messages about the group’s attacks and ideology, as well as a chat hosting a discussion of its activities.

Read more…
Source: Kaspersky


Sign up for our Newsletter


Related:

  • Discord Nitro gift codes now demanded as ransomware payments

    April 18, 2021

    In a novel approach to ransom demands, a new ransomware calling itself ‘NitroRansomware’ encrypts victim’s files and then demands a Discord Nitro gift code to decrypt files. While Discord is free, they offer a Nitro subscription add-on for $9.99 per month that provides additional perks, such as larger uploads, HD video streaming, enhanced emojis, and the ...

  • Ryuk ransomware operation updates hacking techniques

    April 17, 2021

    Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network. The trend observed in attacks this year reveals a predilection towards targeting hosts with remote desktop connections exposed on the public internet. Furthermore, using targeted phishing emails to deliver the malware continues ...

  • NSA: 5 Security Bugs Under Active Nation-State Cyberattack

    April 16, 2021

    The Feds are warning that nation-state actors are once again after U.S. assets, this time in a spate of cyberattacks that exploit five vulnerabilities that affect VPN solutions, collaboration-suite software and virtualization technologies. According to the U.S. National Security Agency (NSA), which issued an alert Thursday, the advanced persistent threat (APT) group known as APT29 (a.k.a. ...

  • BazarLoader Malware Abuses Slack, BaseCamp Clouds

    April 16, 2021

    The BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, in email messages with links to malware payloads, researchers said. And in a secondary campaign aimed at consumers, the attackers have added a voice-call element to the attack chain. The BazarLoader downloader, written in C++, has the primary function of downloading and executing ...

  • Cyberattack on UK university knocks out online learning, Teams and Zoom

    April 16, 2021

    The University of Hertfordshire has suffered a devastating cyberattack that knocked out all of its IT systems, including Office 365, Teams and Zoom, local networks, Wi-Fi, email, data storage and VPN. The university reported the hit by attackers on Wednesday, resulting in the cancellation of all online classes on Thursday and Friday. “Shortly before 22:00 on Wednesday ...

  • XCSSET Quickly Adapts to macOS 11 and M1-based Macs

    April 16, 2021

    Last year, Trend Micro reserchers first found XCSSET, which targeted Mac users by infecting Xcode projects. Initially reported as a malware family, in light of our recent findings it is now classified as an ongoing campaign. This latest update details our new research regarding XCSSET, including the ways in which it has adapted itself to ...