While tracking the activities of 4BID Kaspersky researchers uncovered a new string of campaigns that appear to be the work of several interconnected actors. While politically motivated groups generally limit their scope to specific nations – for 4BID and its peers, primarily Russian and occasionally Belarusian organizations – the latest findings reveal a shift. The actual geographic footprint of these attacks became broader than expected, striking companies across Kazakhstan, the UAE, Syria, and Egypt.
What triggered Kaspersky’s investigation was spotting a cluster of indicators of compromise within a breached Russian organization’s infrastructure. The researchers used these footprints to successfully track down other environments hit by the same threat actors and piece together the bigger picture.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Stolen Canvas data was “returned” after hacker agreement, Instructure says
May 12, 2026
The Instructure/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage. Millions of students had personal data stolen, with extortion group ShinyHunters claiming credit for the data breach and applying extra pressure for their ransom demands by bothering Canvas users directly. Which seems to have paid off. On the Instructure web page about the recent ...
- Cache-poisoning caper turns TanStack npm packages toxic
May 12, 2026
An attacker has published 84 malicious versions of official TanStack npm packages, with the impact including credential theft, self-propagation, and complete disk wipe of an infected host. The attack is part of a wave of attacks across npm and PyPI, continuing the Mini Shai-Hulud campaign. Supply chain security company Socket reports that other compromised packages include the OpenSearch client, Mistral ...
- Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools
May 11, 2026
Active Directory Certificate Services (AD CS) is a foundational component of Windows enterprise infrastructure, responsible for managing public key infrastructure (PKI) and issuing certificates that enable authentication and encryption across networks. Despite its critical role in the enterprise identity infrastructure, AD CS is often undermined by insecure default configurations and design complexities, resulting in exploitable ...
- Yarbo responds to robot flaws that could mow down their owners
May 11, 2026
A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among others, allowed an attacker to harvest WiFi passwords. Security researcher Andreas Makris found he could remotely hijack thousands of Yarbo yard robots worldwide, and proved it by having his mower run him over. The root cause was a cluster of “legacy” design choices: ...
- Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America
May 11, 2026
Threat actors using AI is an unsurprising and even long-predicted developmentopen on a new tab. In a case in point, TrendAI™ Research has identified two emerging threat campaigns that used agentic AI to drive intrusion operations against government entities and financial organizations across several countries in Latin America. Though evidence suggests that the two groups are likely ...
- Water company’s leaky security earns near-£1M fine
May 11, 2026
The UK’s data protection watchdog has fined South Staffordshire Water’s parent company nearly £1 million over security failings exposed by the Cl0p ransomware attack in 2022. Issuing the fine of £963,900 ($1.3 million), the Information Commissioner’s Office (ICO) said the attack exposed “significant failures in the company’s approach to data security.” The attack, claimed by Cl0p, was detected ...