While tracking the activities of 4BID Kaspersky researchers uncovered a new string of campaigns that appear to be the work of several interconnected actors. While politically motivated groups generally limit their scope to specific nations – for 4BID and its peers, primarily Russian and occasionally Belarusian organizations – the latest findings reveal a shift. The actual geographic footprint of these attacks became broader than expected, striking companies across Kazakhstan, the UAE, Syria, and Egypt.
What triggered Kaspersky’s investigation was spotting a cluster of indicators of compromise within a breached Russian organization’s infrastructure. The researchers used these footprints to successfully track down other environments hit by the same threat actors and piece together the bigger picture.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Russian banking sector faced DDoS attack planned from abroad
July 24, 2024
The Russian banking sector was exposed to a DDoS attack planned from overseas, the VTB Bank press service told TASS. “The banking sector was exposed to the DDoS attack orchestrated from overseas. A minor share of VTB clients faced individual constraints in operations of bank apps due to the high load on the infrastructure of Internet ...
- Cyberattack closes Jefferson County Clerk’s Office, all motor vehicle branches
July 24, 2024
A cyber attack forced the Jefferson County Clerk’s Office to close its eight branches this week. The attack was first discovered at 2:24 a.m. Monday, said Ashley Tinius, a spokesperson for the office. The office has been working with a private cybersecurity firm and law enforcement to investigate the attack and repair its system, Tinius said. ...
- Telegram Zero-Day Let Hackers To Spread Malware Hidden in Videos
July 24, 2024
Cybersecurity researchers at ESET discovered a zero-day vulnerability that targeted the Telegram for Android app and sent malicious files disguised as videos through chats. The zero-day exploit, dubbed “EvilVideo,” allowed hackers to share Android payloads via Telegram channels, groups, and chats, and make them appear to be multimedia files. This exploit targeted only Android Telegram versions ...
- Stargazers Ghost Network
July 24, 2024
Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods. Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that ...
- Ransomware attack shuts down The Superior Court of Los Angeles County
July 22, 2024
The Superior Court of Los Angeles County will be closed on Monday as they continue to recover from a ransomware attack that happened last week. Because of this, all 36 courthouse locations across LA County will be closed to start the week as work continues on the repair and reboot of network systems that were shut ...
- Cybercriminals quickly exploit CrowdStrike chaos
July 20, 2024
Who loves a global outage? Phishers, fraudsters and all manner of creeps Criminals didn’t waste any time taking advantage of the CrowdStrike-Microsoft chaos and quickly got to work phishing organizations and spinning up malicious domains purporting to be fixes.… Just hours after a faulty CrowdStrike file shut down Windows machines around the globe, reports surfaced of ...