While tracking the activities of 4BID, Kaspersky researchers uncovered a new string of campaigns that appear to be the work of several interconnected actors. While politically motivated groups generally limit their scope to specific nations – for 4BID and its peers, primarily Russian and occasionally Belarusian organizations – the latest findings reveal a shift. The actual geographic footprint of these attacks proved broader than expected, striking companies across Kazakhstan, the UAE, Syria, and Egypt.
What triggered Kaspersky’s investigation was spotting a cluster of indicators of compromise within a breached Russian organization’s infrastructure. The researchers used these footprints to successfully track down other environments hit by the same threat actors and piece together the bigger picture.
Source: Kaspersky

