Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations


C.A.S (Cyber Anarchy Squad) is a hacktivist group that has been attacking organizations in Russia and Belarus since 2022. Besides data theft, its goal is to inflict maximum damage, including reputational. To this end, the group’s attacks exploit vulnerabilities in publicly available services and make extensive use of free tools.

Kaspersky latest investigation unearthed new activity by the group, explored the attack stages, and analyzed the tools and malware used. In addition, we discovered links between C.A.S and other hacktivist groups, such as the Ukrainian Cyber Alliance and DARKSTAR. Like most hacktivist groups, C.A.S uses Telegram as a platform to spread information about victims. We found a channel that posts news and messages about the group’s attacks and ideology, as well as a chat hosting a discussion of its activities.

Read more…
Source: Kaspersky


Sign up for our Newsletter


Related:

  • Monitoring ICS Cyber Operation Tools and Software Exploit Modules To Anticipate Future Threats

    March 23, 2020

    There has only been a small number of broadly documented cyber attacks targeting operational technologies (OT) / industrial control systems (ICS) over the last decade. While fewer attacks is clearly a good thing, the lack of an adequate sample size to determine risk thresholds can make it difficult for defenders to understand the threat environment, ...

  • Hackers breach FSB contractor and leak details about IoT hacking project

    March 20, 2020

    Russian hacker group Digital Revolution claims to have breached a contractor for the FSB — Russia’s national intelligence service — and discovered details about a project intended for hacking Internet of Things (IoT) devices. The group published this week 12 technical documents, diagrams, and code fragments for a project called “Fronton.” Read more… Source: ZDNet  

  • Developing Story: Coronavirus Used in Malicious Campaigns

    March 20, 2020

    The coronavirus disease (COVID-19) is being used in a variety of malicious campaigns including email spam, BEC, malware, ransomware, and malicious domains.  As the number of those afflicted continue to surge by thousands, campaigns that use the disease as a lure likewise increase. Trend Micro researchers are periodically sourcing for samples on coronavirus-related malicious campaigns. This report also includes ...

  • New Mirai Variant Targets Zyxel Network-Attached Storage Devices

    March 19, 2020

    As soon as the proof-of-concept (PoC) for CVE-2020-9054 was made publicly available last month, this vulnerability was promptly abused to infect vulnerable versions of Zyxel network-attached storage (NAS) devices with a new Mirai variant – Mukashi. Mukashi brute forces the logins using different combinations of default credentials, while informing its command and control (C2) server of the successful ...

  • Probing Pawn Storm Cyberespionage Campaign Through Scanning, Credential Phishing and More

    March 19, 2020

    Pawn Storm, an ongoing cyberespionage campaign with activities that can be traced as far back as 2004, has gained notoriety after aiming cyber-attacks at defense contractor personnel, embassies, and military forces of the United States and its allies, as well as international media and citizens across different civilian industries and sectors, among other targets. For years, ...

  • The IIoT Threat Landscape: Securing Connected Industries

    March 18, 2020

    The Industrial Internet of Things (IIoT) provides bridges of connectedness that enable seamless IT and OT convergence. However, threat actors can cross these bridges to compromise systems. As the use of IoT extends beyond the home and goes into the vast industrial landscape, the scale of threats likewise grows. With that being said, some components of ...