Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations


C.A.S (Cyber Anarchy Squad) is a hacktivist group that has been attacking organizations in Russia and Belarus since 2022. Besides data theft, its goal is to inflict maximum damage, including reputational. To this end, the group’s attacks exploit vulnerabilities in publicly available services and make extensive use of free tools.

Kaspersky latest investigation unearthed new activity by the group, explored the attack stages, and analyzed the tools and malware used. In addition, we discovered links between C.A.S and other hacktivist groups, such as the Ukrainian Cyber Alliance and DARKSTAR. Like most hacktivist groups, C.A.S uses Telegram as a platform to spread information about victims. We found a channel that posts news and messages about the group’s attacks and ideology, as well as a chat hosting a discussion of its activities.

Read more…
Source: Kaspersky


Sign up for our Newsletter


Related:

  • APT trends report Q1 2020

    April 30, 2020

    For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They ...

  • Spear-phishing campaign compromises executives at 150+ companies

    April 30, 2020

    A cybercrime group operating since mid-2019 has breached the email accounts of high-ranking executives at more than 150 companies, cyber-security firm Group-IB reported today. The group, codenamed PerSwaysion, appears to have targeted the financial sector primarily, which accounted for more than half of its victims; although, victims have been recorded at companies active across other verticals ...

  • Security 101: How Fileless Attacks Work and Persist in Systems

    April 30, 2020

    As security measures get better at identifying and blocking malware and other threats, modern adversaries are constantly crafting sophisticated techniques to evade detection. One of the most persistent evasion techniques involves fileless attacks, which do not require malicious software to break into a system. Instead of relying on executables, these threats misuse tools that are ...

  • WebMonitor RAT Bundled with Zoom Installer

    April 29, 2020

    The coronavirus pandemic has highlighted the usefulness of communication apps for work-from-home (WFH) setups. However, like they always do, cybercriminals are expected to exploit popular trends and user behavior. We have witnessed threats against several messaging apps including Zoom. In early April, we spotted an attack leveraging Zoom installers to spread a cryptocurrency miner. We recently encountered a similar attack ...

  • Academics demand answers from NHS over potential data timebomb ticking inside new UK contact-tracing app

    April 29, 2020

    A group of nearly 175 UK academics has criticised the NHS’s planned COVID-19 contact-tracing app for a design choice they say could endanger users by creating a centralised store of sensitive health and travel data about them. In the open letter published this afternoon, the 173 scholars called on NHSX, the state-run health service’s app-developing and ...

  • Remote spring: the rise of RDP bruteforce attacks

    April 29, 2020

    With the spread of COVID-19, organizations worldwide have introduced remote working, which is having a direct impact on cybersecurity and the threat landscape. Alongside the higher volume of corporate traffic, the use of third-party services for data exchange, and employees working on home computers (and potentially insecure Wi-Fi networks), another headache for infosec teams is the ...