Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations


C.A.S (Cyber Anarchy Squad) is a hacktivist group that has been attacking organizations in Russia and Belarus since 2022. Besides data theft, its goal is to inflict maximum damage, including reputational. To this end, the group’s attacks exploit vulnerabilities in publicly available services and make extensive use of free tools.

Kaspersky latest investigation unearthed new activity by the group, explored the attack stages, and analyzed the tools and malware used. In addition, we discovered links between C.A.S and other hacktivist groups, such as the Ukrainian Cyber Alliance and DARKSTAR. Like most hacktivist groups, C.A.S uses Telegram as a platform to spread information about victims. We found a channel that posts news and messages about the group’s attacks and ideology, as well as a chat hosting a discussion of its activities.

Read more…
Source: Kaspersky


Sign up for our Newsletter


Related:

  • PHP Infiltrated with Backdoor Malware

    March 29, 2021

    The PHP project on Sunday announced that attackers were able to gain access to its main Git server, uploading two malicious commits, including a backdoor. They were discovered before they went into production. PHP is a widely used open-source scripting language often used for web development. It can be embedded into HTML. The commits were pushed ...

  • Harris Federation hit by ransomware attack affecting 50 schools

    March 29, 2021

    The IT systems and email servers of London-based nonprofit multi-academy trust Harris Federation were taken down by a ransomware attack on Saturday. Harris Federation is an education charity running 50 Harris primary and secondary academies with 37,000 students from London and surrounding areas. The attack hit the school trust’s systems over the weekend on Saturday, March 27, ...

  • Hades Ransomware Gang Exhibits Connections to Hafnium

    March 29, 2021

    The Hades ransomware gang has several unique characteristics that set it apart from the rest of the pack, according to researchers – including potentially having more than extortion on the to-do list. The group appears to use multiple nation-state tools and techniques. The researchers said that its investigations into the group’s cyberattacks at the end of ...

  • Newly-Discovered Vulnerabilities Could Allow for Bypass of Spectre Mitigations in Linux

    March 29, 2021

    Two new vulnerabilities have been patched in the Linux kernel which, if exploited, could bypass existing mitigations for the Spectre vulnerabilities. The vulnerabilities were discovered by Piotr Krysiuk, a researcher on Symantec’s Threat Hunter team, who reported them to the Linux kernel security team. If left unpatched, the vulnerabilities mean that existing Spectre protections will ...

  • Ransomware admin is refunding victims their ransom payments

    March 28, 2021

    After recently announcing the end of the operation, the administrator of Ziggy ransomware is now stating that they will also give the money back. It appears that this is a planned move since the admin shared the “good news” a little over a week ago, but gave no details. Shutdown followed by money-back move Ziggy ransomware shut down ...

  • The security dilemma of smart factories [Part 1] Specificity of the programming languages used to move industrial robots

    March 26, 2021

    Industrial robots are the core of the automation of manufacturing processes in smart factories, and are the most important components as they support the manufacture of all kinds of products such as automobiles, aircraft, processed foods, and pharmaceuticals. In addition, as equipment that realizes unmanned manufacturing in the post-COVID-19 world where minimal or no contact ...