While tracking the activities of 4BID Kaspersky researchers uncovered a new string of campaigns that appear to be the work of several interconnected actors. While politically motivated groups generally limit their scope to specific nations – for 4BID and its peers, primarily Russian and occasionally Belarusian organizations – the latest findings reveal a shift. The actual geographic footprint of these attacks became broader than expected, striking companies across Kazakhstan, the UAE, Syria, and Egypt.
What triggered Kaspersky’s investigation was spotting a cluster of indicators of compromise within a breached Russian organization’s infrastructure. The researchers used these footprints to successfully track down other environments hit by the same threat actors and piece together the bigger picture.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Massive New Jersey cybersecurity breach leads to thousands of stolen SSNs
December 7, 2024
The social security numbers, driver’s licenses, payroll, health and other personal details of Hoboken city workers were among the data stolen in a “massive” cybersecurity breach last month. According to a list of thousands of stolen files obtained by The Jersey Journal, every department in City Hall — ranging from payroll to construction, health, and animal ...
- Jamaica: Police charge 6 people in connection with cyber attack on account of bank customer
December 7, 2024
The six people arrested last week in connection with a multi-million dollar cyber attack on the account of a customer of the National Commercial Bank, have been charged. This was disclosed by Dane Nicholson, Head of the Anti-Fraud Committee of the Jamaica Banker’s Association, who said the suspects were charged on Thursday and are booked to ...
- International operation against ‘phone phishing’ gang in Belgium and the Netherlands
December 6, 2024
Europol has supported Belgian and Dutch authorities in an international operation against a ‘phone phishing’ gang that has led to the arrest of 8 suspects. On the action day, law enforcement also carried out 17 searches in different locations in Belgium and the Netherlands. Although most of the criminal activities took place in Belgium, the main ...
- US critical infrastructure hit once again by a new group on the scene
December 6, 2024
Storm-0227, a Chinese state-sponsored advanced persistent threat (APT) actor started targeting critical infrastructure organizations, as well as government entities, in the United States. The group abuses software vulnerabilities and engages in spear phishing attacks to gain access to people’s devices. Once they get the access, they deploy different Remote Access Trojans (RAT) and other malware to ...
- MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
December 5, 2024
Trend Micro researchers have been continuously monitoring the MOONSHINE exploit kit’s activity since 2019. During our research, they discovered a MOONSHINE exploit kit server with improper operational security: Its server exposed MOONSHINE’s toolkits and operation logs, which revealed the information of possible victims and the attack tactics of a threat actor we have named Earth ...
- Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
December 4, 2024
Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators. Rapid7 initially reported the discovery of the novel social engineering campaign back in May, 2024, followed by an update in August 2024, when the operators updated their tactics and malware payloads ...