Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations


C.A.S (Cyber Anarchy Squad) is a hacktivist group that has been attacking organizations in Russia and Belarus since 2022. Besides data theft, its goal is to inflict maximum damage, including reputational. To this end, the group’s attacks exploit vulnerabilities in publicly available services and make extensive use of free tools.

Kaspersky latest investigation unearthed new activity by the group, explored the attack stages, and analyzed the tools and malware used. In addition, we discovered links between C.A.S and other hacktivist groups, such as the Ukrainian Cyber Alliance and DARKSTAR. Like most hacktivist groups, C.A.S uses Telegram as a platform to spread information about victims. We found a channel that posts news and messages about the group’s attacks and ideology, as well as a chat hosting a discussion of its activities.

Read more…
Source: Kaspersky


Sign up for our Newsletter


Related:

  • Tycoon Ransomware Banks on Unusual Image File Tactic

    June 4, 2020

    A new ransomware strain called Tycoon is seeking to wheel and deal its way into the Windows and Linux worlds, using a little-known Java image format as part of its kill chain. The ransomware is housed in a trojanized version of the Java Runtime Environment (JRE), according to researchers at BlackBerry Cylance, and has been around ...

  • U.S. Nuclear Contractor Hit with Maze Ransomware, Data Leaked

    June 4, 2020

    A U.S. military contractor involved in the maintenance of the country’s Minuteman III nuclear arsenal has been hit by the Maze ransomware, according to reports – with the hackers making off with reams of sensitive information. The company, Westech International, has a range of contracts with the military for everything from ongoing evaluation for the ballistic ...

  • Cycldek: Bridging the (air) gap

    June 3, 2020

    While investigating attacks related to a group named Cycldek post 2018, we were able to uncover various pieces of information on its activities that were not known thus far. In this blog post we aim to bridge the knowledge gap on this group and provide a more thorough insight into its latest activities and modus ...

  • Lemon Duck Cryptominer Spreads through Covid-19 Themed Emails

    June 3, 2020

    Malware authors continue to take advantage of the coronavirus pandemic to propagate threats. In a recent related campaign, we have come across a PowerShell script (mailer script) that distributes the Lemon Duck cryptominer through a new propagation method: Covid-19-themed emails with weaponized attachments. These emails are delivered to all Microsoft Outlook contacts of the user of a ...

  • Threat Assessment: Hangover Threat Group

    June 3, 2020

    Unit 42 researchers recently published on activity by the Hangover threat group (aka Neon, Viceroy Tiger, MONSOON) carrying out targeted cyberattacks deploying BackConfig malware attacks against government and military organizations in South Asia. As a result, we’ve created this threat assessment report for the Hangover Group’s activities. The techniques and campaigns can be visualized using the Unit 42 ...

  • Ransomware gangs team up to form extortion cartel

    June 3, 2020

    Ransomware gangs are teaming up to extort victims through a shared data leak platform, and the exchange of tactics and intelligence. In November 2019, the Maze Ransomware operators transformed ransomware attacks into data breaches after they released unencrypted data of a victim who refused to pay. Soon after, they launched a dedicated “Maze News” site used to shame their unpaid victims ...