While tracking the activities of 4BID Kaspersky researchers uncovered a new string of campaigns that appear to be the work of several interconnected actors. While politically motivated groups generally limit their scope to specific nations – for 4BID and its peers, primarily Russian and occasionally Belarusian organizations – the latest findings reveal a shift. The actual geographic footprint of these attacks became broader than expected, striking companies across Kazakhstan, the UAE, Syria, and Egypt.
What triggered Kaspersky’s investigation was spotting a cluster of indicators of compromise within a breached Russian organization’s infrastructure. The researchers used these footprints to successfully track down other environments hit by the same threat actors and piece together the bigger picture.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Cyber attack on councils across Greater Manchester leaves thousands vulnerable to phishing scam
August 14, 2024
A cyber attack on councils across Greater Manchester has left thousands of residents vulnerable to a phishing scam. The attack, which initially hit one borough last week and spread over the weekend, on software company Locata downed the housing websites for Manchester, Salford and Bolton councils. It has also led to thousands of users being sent ...
- EastWind campaign: new CloudSorcerer attacks on government organizations in Russia
August 14, 2024
In late July 2024, we detected a series of ongoing targeted cyberattacks on dozens of computers at Russian government organizations and IT companies. The threat actors infected devices using phishing emails with malicious shortcut attachments. These shortcuts were used to deliver malware that received commands via the Dropbox cloud service. Attackers used this malware to download ...
- New Windows Cyber Attacks Confirmed – CISA Says Update By September 3
August 14, 2024
Microsoft has released the monthly round of Patch Tuesday security updates, with fixes for a total of 90 vulnerabilities across the Windows ecosystem. Of these, the Microsoft Security Response Center warns that five Windows vulnerabilities have confirmed and active cyber attacks against them already. So serious are these zero-day security issues that the U.S. Cybersecurity and ...
- Turkish intelligence dismantles global cyber espionage network
August 13, 2024
The Turkish National Intelligence Organization (MIT) has successfully dismantled a global cyber espionage network that had stolen personal data from thousands of individuals worldwide, including in Türkiye. In a coordinated effort with the Turkish Gendarmerie General Command and the National Cyber Incident Response Center (USOM), MIT carried out the operation as part of an investigation led ...
- Musk Blames DDoS Attack For 40-Minute Delayed Start to Trump’s X Livestream
August 13, 2024
Technical difficulties delayed former President Donald Trump’s live conversation with Elon Musk on X by over 40 minutes. Musk blamed the issues on a distributed denial-of-service (DDoS) cyberattack, in which a bad actor seeks to overload a target server with traffic, rendering it unusable. His claims could not be verified. “We unfortunately had a massive distributed ...
- ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts
August 13, 2024
This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments. This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws ...