While tracking the activities of 4BID Kaspersky researchers uncovered a new string of campaigns that appear to be the work of several interconnected actors. While politically motivated groups generally limit their scope to specific nations – for 4BID and its peers, primarily Russian and occasionally Belarusian organizations – the latest findings reveal a shift. The actual geographic footprint of these attacks became broader than expected, striking companies across Kazakhstan, the UAE, Syria, and Egypt.
What triggered Kaspersky’s investigation was spotting a cluster of indicators of compromise within a breached Russian organization’s infrastructure. The researchers used these footprints to successfully track down other environments hit by the same threat actors and piece together the bigger picture.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Frontier Communications: 750k people’s data stolen in April attack on systems
June 7, 2024
Frontier Communications has confirmed more than 750,000 individuals were affected in an April cyberattack on its systems, according to a regulatory filing. Lawyers representing the major US telco told the Office of the Maine Attorney General that data belonging to 751,895 people was stolen. The data types impacted, according to the filing, are limited to names ...
- Telangana Police hit by second major data breach in a week as TSCOP App compromised
June 7, 2024
Just a week after the hacking incident involving Telangana police’s HawkEye app, another app, TSCOP, has been compromised as well. As a result, policerelated data is currently available for sale on online forums. The same hacker responsible for the breach of HawkEye is behind this security lapse. The TSCOP app user data is being sold online ...
- CoinGecko confirms email provider data breach, over 23,000 phishing emails sent
June 7, 2024
Cryptocurrency data aggregator CoinGecko has confirmed a data breach suffered by its third-party email management platform GetResponse. Following yesterday’s reports of a new wave of crypto airdrop scams, CoinGecko confirmed that GetResponse suffered a data breach on June 5, allowing attackers to export the contact information of over 1.9 million CoinGecko users. Read more… Source: CoinTelegraph Sign up for ...
- Microsoft Recall snapshots can be easily grabbed with TotalRecall tool
June 6, 2024
Microsoft’s Recall feature has been criticized heavily by pretty much everyone since it was announced last month. Now, researchers have demonstrated the risks by creating a tool that can find, extract, and display everything Recall has stored on a device. For those unaware, Recall is a feature within what Microsoft is calling its “Copilot+ PCs,” a ...
- Hundreds of Snowflake customer passwords found online are linked to info-stealing malware
June 5, 2024
Cloud data analysis company Snowflake is at the center of a recent spate of alleged data thefts, as its corporate customers scramble to understand if their stores of cloud data have been compromised. Snowflake helps some of the largest global corporations — including banks, healthcare providers and tech companies — store and analyze their vast amounts ...
- RansomHub: New Ransomware has Origins in Older Knight
June 5, 2024
RansomHub, a new Ransomware-as-a-Service (RaaS) that has rapidly become one of the largest ransomware groups currently operating, is very likely an updated and rebranded version of the older Knight ransomware. Analysis of the RansomHub payload by Symantec, revealed a high degree of similarity between the two threats, suggesting that Knight was the starting point for RansomHub. ...