While tracking the activities of 4BID Kaspersky researchers uncovered a new string of campaigns that appear to be the work of several interconnected actors. While politically motivated groups generally limit their scope to specific nations – for 4BID and its peers, primarily Russian and occasionally Belarusian organizations – the latest findings reveal a shift. The actual geographic footprint of these attacks became broader than expected, striking companies across Kazakhstan, the UAE, Syria, and Egypt.
What triggered Kaspersky’s investigation was spotting a cluster of indicators of compromise within a breached Russian organization’s infrastructure. The researchers used these footprints to successfully track down other environments hit by the same threat actors and piece together the bigger picture.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Sapphire Werewolf polishes Amethyst stealer to attack over 300 companies
June 5, 2024
Since March 2024, the BI.ZONE Threat Intelligence team has been tracking the cluster of activity dubbed Sapphire Werewolf. The threat actor targets Russia’s industries, such as education, manufacturing, IT, defense, and aerospace engineering. Over 300 attacks were carried out using Amethyst, an offshoot of the popular open‑source SapphireStealer. The attackers disguise the malware as an enforcement ...
- Chinese Nationals Plead Guilty To Cyber Crimes In Zambia
June 5, 2024
Twenty-two Chinese nationals have pleaded guilty to committing cyber-related crimes in Zambia. They are among 77 suspects arrested in April in connection with a “sophisticated internet fraud syndicate,” according to authorities. The operation targeted a Chinese-run company in Lusaka following a surge in internet fraud cases affecting people globally. The Chinese nationals are scheduled for sentencing ...
- Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919)
June 5, 2024
The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. Identified as CVE-2024-24919 and given a CVSSv3 score of 8.6, the vulnerability is more severe than it initially appears. While labeled as a sensitive information disclosure vulnerability, it is actually a path traversal attack leading ...
- Cyber Attacks and the Risk of Real War: A NATO Perspective
June 5, 2024
The possibility of a cyber-attack on any NATO member country escalating into a real war is a pressing concern. This question is particularly relevant as the US-led North Atlantic Treaty Organization (NATO) has started establishing ‘cyber labs’ in countries bordering Russia, signalling an increased focus on cyber defence. At the recent Shangri-La Dialogue (31 May-2 June) ...
- Big name TikTok accounts hijacked after opening DM
June 5, 2024
High profile TikTok accounts, including CNN, Sony, and—er—Paris Hilton have been targeted in a recent attack. CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident. According to Forbes, the attack happens without the account owner needing to click on or open ...
- AI jailbreaks: What they are and how they can be mitigated
June 4, 2024
Generative AI systems are made up of multiple components that interact to provide a rich user experience between the human and the AI model(s). As part of a responsible AI approach, AI models are protected by layers of defense mechanisms to prevent the production of harmful content or being used to carry out instructions that go ...