Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations


C.A.S (Cyber Anarchy Squad) is a hacktivist group that has been attacking organizations in Russia and Belarus since 2022. Besides data theft, its goal is to inflict maximum damage, including reputational. To this end, the group’s attacks exploit vulnerabilities in publicly available services and make extensive use of free tools.

Kaspersky latest investigation unearthed new activity by the group, explored the attack stages, and analyzed the tools and malware used. In addition, we discovered links between C.A.S and other hacktivist groups, such as the Ukrainian Cyber Alliance and DARKSTAR. Like most hacktivist groups, C.A.S uses Telegram as a platform to spread information about victims. We found a channel that posts news and messages about the group’s attacks and ideology, as well as a chat hosting a discussion of its activities.

Read more…
Source: Kaspersky


Sign up for our Newsletter


Related:

  • European Commission, other EU orgs recently hit by cyber-attack

    April 6, 2021

    The European Commission and several other European Union organizations were hit by a cyberattack in March, according to a European Commission spokesperson. As revealed by the spokesperson, the “IT security incident” impacted multiple EU institutions, bodies, or agencies’ IT infrastructure. “We are working closely with CERT-EU, the Computer Emergency Response Team for all EU institutions, bodies and ...

  • Conti Gang Demands $40M Ransom from Florida School District

    April 6, 2021

    The Conti Gang has demanded a $40 million ransom from a Fort Lauderdale, Fla., school district after a ransomware attack last month. Attackers stole personal information from students and teachers, disrupted the district’s networks, and caused some services to be unavailable. The incident that was discovered on March 7 at Broward County Public Schools drew limited ...

  • SAP Bugs Under Active Cyberattack, Causing Widespread Compromise

    April 6, 2021

    Active cyberattacks on known vulnerabilities in SAP systems could lead to full control of unsecured SAP applications, researchers are warning. Adversaries are carrying out a range of attacks, according to an alert from SAP and security firm Onapsis issued Tuesday – including theft of sensitive data, financial fraud, disruption of mission-critical business processes and other operational ...

  • The leap of a Cycldek-related threat actor

    April 5, 2021

    In the nebula of Chinese-speaking threat actors, it is quite common to see tools and methodologies being shared. One such example of this is the infamous “DLL side-loading triad”: a legitimate executable, a malicious DLL to be sideloaded by it, and an encoded payload, generally dropped from a self-extracting archive. Initially considered to be the ...

  • Industrial IoT Needs to Catch Up to Consumer IoT

    April 5, 2021

    When it comes to cybersecurity, industrial IT—consisting mainly of operational technology (OT) and industrial control systems (ICS)—has failed to keep up with development in the enterprise IT world. That’s mostly because industries’ adoption of internet technology has been slower when compared with enterprises. It would take some time to close the gap, but concerted efforts have ...

  • 2020 Phishing Trends With PDF Files

    April 5, 2021

    From 2019-20, we noticed a dramatic 1,160% increase in malicious PDF files – from 411,800 malicious files to 5,224,056. PDF files are an enticing phishing vector as they are cross-platform and allow attackers to engage with users, making their schemes more believable as opposed to a text-based email with just a plain link. To lure users ...