While tracking the activities of 4BID Kaspersky researchers uncovered a new string of campaigns that appear to be the work of several interconnected actors. While politically motivated groups generally limit their scope to specific nations – for 4BID and its peers, primarily Russian and occasionally Belarusian organizations – the latest findings reveal a shift. The actual geographic footprint of these attacks became broader than expected, striking companies across Kazakhstan, the UAE, Syria, and Egypt.
What triggered Kaspersky’s investigation was spotting a cluster of indicators of compromise within a breached Russian organization’s infrastructure. The researchers used these footprints to successfully track down other environments hit by the same threat actors and piece together the bigger picture.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
July 2, 2025
A security vulnerability in a stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including its administrator. The bug, which was discovered by security researcher Eric Daigle, spilled the spyware app’s full database of email addresses and plaintext passwords that Catwatchful customers use to access the data stolen from the phones of their ...
- Cyberattack on Brazil tech provider affects reserve accounts of some financial institutions
July 2, 2025
Brazil’s central bank said on Wednesday that technology services provider C&M Software, which serves financial institutions lacking connectivity infrastructure, had reported a cyberattack on its systems. The bank did not provide further details of the attack, but said in a statement that it ordered C&M to shut down financial institutions’ access to the infrastructure it operates. ...
- Windows Shortcut (LNK) Malware Strategies
July 2, 2025
Attackers are increasingly exploiting Windows shortcut (LNK) files for malware delivery. Palo Alto Unit 42 telemetry revealed 21,098 malicious LNK samples in 2023, which surged to 68,392 in 2024. In this article, Unit 42 researchers present an in-depth investigation of LNK malware, based on analysis of 30,000 recent samples. Windows shortcut files use the .lnk file ...
- Google Releases Security Updates for Chrome
July 1, 2025
Google has released updates to Chrome stable channels to address a high severity vulnerability. CVE-2025-6554 is a “type confusion” vulnerability in the V8 JavaScript browser engine. An attacker could exploit this vulnerability to perform arbitrary read/write by convincing a user to visit a malicious HTML page. Google is aware that an exploit for CVE-2025-6554 exists in ...
- Iran-linked hackers threaten to release Trump aides’ emails
July 1, 2025
Iran-linked hackers have threatened to disclose more emails stolen from U.S. President Donald Trump’s circle, after distributing a prior batch to the media ahead of the 2024 U.S. election. In online chats with Reuters on Sunday and Monday, the hackers, who go by the pseudonym Robert, said they had roughly 100 gigabytes of emails from the ...
- FBI: Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest
June 30, 2025
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) (hereafter referred to as the authoring agencies) strongly urge organizations to remain vigilant for potential targeted cyber activity against U.S. critical infrastructure and other U.S. entities by Iranian-affiliated cyber ...