While tracking the activities of 4BID Kaspersky researchers uncovered a new string of campaigns that appear to be the work of several interconnected actors. While politically motivated groups generally limit their scope to specific nations – for 4BID and its peers, primarily Russian and occasionally Belarusian organizations – the latest findings reveal a shift. The actual geographic footprint of these attacks became broader than expected, striking companies across Kazakhstan, the UAE, Syria, and Egypt.
What triggered Kaspersky’s investigation was spotting a cluster of indicators of compromise within a breached Russian organization’s infrastructure. The researchers used these footprints to successfully track down other environments hit by the same threat actors and piece together the bigger picture.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- A third of UK fintechs put customers data at risk of cyber attack
May 29, 2025
UK fintechs are putting thousands of customers in jeopardy by leaving themselves vulnerable to a cyber attack, shocking new research reveals. Nearly 800 firms’ digital presence was analysed by the ethical hacking platform Ethiack as it scrutinised their cybersecurity. Four in ten fintechs were found to be giving hackers a “powerful headstart” by revealing software details ...
- Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
May 29, 2025
Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). GTIG researchers divided the reviewed vulnerabilities into two main categories: end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and ...
- UK: NHS patient data at risk in major cyber attack
May 28, 2025
A newly uncovered cyber attack has exposed sensitive information at two major NHS trusts, raising fears that patient records could be at risk. University College London hospitals, NHS Foundation Trust, and University Hospital Southampton, NHS Foundation Trust were among the victims identified in a widespread cyber breach. analysed by cybersecurity firm EclecticIQ. The company have said ...
- Victoria’s Secret pulls down website amid security incident
May 28, 2025
Clothing and lingerie retailer Victoria’s Secret suspended most of the functionality of its website and some in-store services to “address a security incident,” according to a statement posted to the company’s website on Wednesday. “We identified and are taking steps to address a security incident,” a Victoria’s Secret spokesperson told Reuters in an email on Wednesday. ...
- Zanubis in motion: Tracing the active evolution of the Android banking malware
May 28, 2025
Zanubis is a banking Trojan for Android that emerged in mid-2022. Since its inception, it has targeted banks and financial entities in Peru, before expanding its objectives to virtual cards and crypto wallets. The main infection vector of Zanubis is impersonating legitimate Peruvian Android applications and then misleading the user into enabling the accessibility permissions. Once ...
- Earth Lamia Develops Custom Arsenal to Target Multiple Industries
May 27, 2025
Trend Micro researchers have been tracking an active intrusion set that primarily targets organizations located in countries including Brazil, India, and Southeast Asia since 2023. The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations. The actor also takes advantage of various known vulnerabilities to ...