While tracking the activities of 4BID Kaspersky researchers uncovered a new string of campaigns that appear to be the work of several interconnected actors. While politically motivated groups generally limit their scope to specific nations – for 4BID and its peers, primarily Russian and occasionally Belarusian organizations – the latest findings reveal a shift. The actual geographic footprint of these attacks became broader than expected, striking companies across Kazakhstan, the UAE, Syria, and Egypt.
What triggered Kaspersky’s investigation was spotting a cluster of indicators of compromise within a breached Russian organization’s infrastructure. The researchers used these footprints to successfully track down other environments hit by the same threat actors and piece together the bigger picture.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hackers breach and expose a major North Korean spying operation
August 12, 2025
Hackers claim to have compromised the computer of a North Korean government hacker and leaked its contents online, offering a rare window into a hacking operation by the notoriously secretive nation. The two hackers, who go by Saber and cyb0rg, published a report about the breach in the latest issue of Phrack magazine, a legendary cybersecurity ...
- New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises
August 12, 2025
Trend Micro researchers recently identified a new ransomware family called Charon, deployed in a targeted attack observed in the Middle East’s public sector and aviation industry. The threat actor employed a DLL sideloading technique notably similar to tactics previously documented in the Earth Baxia campaigns, which have historically targeted government sectors. The attack chain leveraged a ...
- WinRAR vulnerability exploited by two different groups
August 12, 2025
On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats. The vulnerability, tracked ...
- Russian government hackers said to be behind US federal court filing system hack
August 12, 2025
The Russian government is allegedly behind the data breach affecting the U.S. court filing system known as PACER, according to The New York Times. Citing anonymous sources, the newspaper said Russia “is at least in part responsible” for the cyberattack, without saying what part of the Russian government is behind the hack. The hackers searched for ...
- WestJet says some passengers’ personal information stolen in cyberattack
August 11, 2025
WestJet says some personal data including information about travel documents such as passports was stolen in a cyberattack earlier this year, but credit and debit card numbers as well as user passwords were not compromised. In a note to customers, WestJet says the personal information taken varies from person to person but may include name, date ...
- From ClickFix to Command: A Full PowerShell Attack Chain
August 11, 2025
The FortiMail Workspace Security team recently identified a targeted intrusion campaign impacting multiple Israeli organizations. The adversary leveraged compromised internal email infrastructure to distribute phishing messages across the regional business landscape. These emails initiated a multi-stage, PowerShell-based infection chain that culminated in the delivery of a remote access trojan (RAT), executed entirely through PowerShell. Read more… Source: Fortinet Sign ...