While tracking the activities of 4BID Kaspersky researchers uncovered a new string of campaigns that appear to be the work of several interconnected actors. While politically motivated groups generally limit their scope to specific nations – for 4BID and its peers, primarily Russian and occasionally Belarusian organizations – the latest findings reveal a shift. The actual geographic footprint of these attacks became broader than expected, striking companies across Kazakhstan, the UAE, Syria, and Egypt.
What triggered Kaspersky’s investigation was spotting a cluster of indicators of compromise within a breached Russian organization’s infrastructure. The researchers used these footprints to successfully track down other environments hit by the same threat actors and piece together the bigger picture.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Proof-of-Concept Released Oracle VM VirtualBox
May 16, 2025
Oracle has released a security update to address a critical vulnerability in Oracle VM VirtualBox. Oracle VM VirtualBox is cross-platform virtualisation software. CVE-2025-30712 is an ‘improper access control’ vulnerability with a CVSSv3 score of 8.1 that affects the Oracle Virtualisation component of VirtualBox. Successful exploitation could allow an attacker with administrative privileges to gain linear memory ...
- Global Russian hacking campaign steals data from government agencies
May 16, 2025
For years now, Russian state-sponsored threat actors have been eavesdropping on email communications from governments across Eastern Europe, Africa, and Latin America. A new report from cybersecurity researchers ESET has found that the crooks were abusing multiple zero-day and n-day vulnerabilities in webmail servers to steal the emails. ESET named the campaign “RoundPress”, and says that ...
- Ivanti Endpoint Manager Mobile exploit chain exploited in the wild
May 16, 2025
On May 13, 2025, Ivanti disclosed an exploited in the wild exploit chain, comprising of two new vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM): CVE-2025-4427 and CVE-2025-4428. Ivanti EPMM is an enterprise-focused software suite for IT teams to manage mobile devices, applications, and content. CVE-2025-4427 is an authentication bypass vulnerability with a CVSS rating of 5.3 ...
- CrazyHunter Campaign Targets Taiwanese Critical Sectors
May 16, 2025
CrazyHunter has quickly emerged as a serious ransomware threat. The group made their introduction in the past month with the opening of their data leak site where they posted ten victims – all located from Taiwan. Trend Micro researchers have followed some of their operations through internal monitoring since the start of January and have witnessed ...
- Threat landscape for industrial automation systems in Q1 2025
May 15, 2025
Relative stability from quarter to quarter. The percentage of ICS computers on which malicious objects were blocked remained unchanged from Q4 2024 at 21.9%. Over the last three quarters, the value has ranged from 22.0% to 21.9%. The quarterly figures are decreasing from year to year. Since Q2 2023, the percentage of ICS computers on which ...
- Senior US Officials Impersonated in Malicious Messaging Campaign
May 15, 2025
FBI is issuing this announcement to warn and provide mitigation tips to the public about an ongoing malicious text and voice messaging campaign. Since April 2025, malicious actors have impersonated senior US officials to target individuals, many of whom are current or former senior US federal or state government officials and their contacts. If you receive ...