From cause to cash: a cross-border look at hacktivist activity


While tracking the activities of 4BID, Kaspersky researchers uncovered a new string of campaigns that appear to be the work of several interconnected actors. While politically motivated groups generally limit their scope to specific nations – for 4BID and its peers, primarily Russian and occasionally Belarusian organizations – the latest findings reveal a shift. The actual geographic footprint of these attacks turned out to be broader than expected, striking companies across Kazakhstan, the UAE, Syria, and Egypt.

What triggered Kaspersky’s investigation was spotting a cluster of indicators of compromise within a breached Russian organization’s infrastructure. The researchers used these footprints to successfully track down other environments hit by the same threat actors and piece together the bigger picture.

Source: Kaspersky



Related:

  • Crooks plant backdoor in software used by courtrooms around the world

    May 23, 2024

    A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8, an application ...

  • LockBit demands $25 million from Canadian pharmacy chain London Drugs after ransomware attack

    May 23, 2024

    The recent cyber-incident against Canadian pharmacy chain London Drugs was indeed a full-blown ransomware attack, with sensitive data being stolen, and a major ransom being demanded, the company has confirmed. In a statement given to The Register, the company said it had been hit, but stressed it also had no intention of paying the ransom demand. ...

  • ShrinkLocker: Turning BitLocker into ransomware

    May 23, 2024

    The original purpose of BitLocker is to address the risks of data theft or exposure from lost, stolen, or improperly decommissioned devices. Nonetheless, threat actors have found out that this mechanism can be repurposed for malicious ends to great effect. In that incident, the attackers were able to deploy and run an advanced VBS script that ...

  • Most recent cyber attacks on water systems won’t be the last, says cybersecurity expert

    May 23, 2024

    More government agencies are taking steps to shore up their cybersecurity measures. Earlier this week, the Environmental Protection Agency announced it would step up inspections of water facilities that may be vulnerable to cyberattacks. Why are government agencies more at risk when it comes to cyberattacks and operational vulnerabilities? Source: MSN News

  • Cyber Signals: Inside the growing risk of gift card fraud

    May 23, 2024

    In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge. Microsoft Threat Intelligence has observed that gift cards are attractive targets for fraud and social engineering practices. Unlike credit or debit cards, there’s no customer name or bank account attached to them, which can lessen scrutiny of ...

  • Bank of Russia reports rising number of cyber attacks on financial infrastructure

    May 23, 2024

    The Bank of Russia reported an increase in the number of attacks on suppliers of various IT solutions used in the financial market, the regulator said in its report. “It is particularly noteworthy that attacks on third parties – suppliers of various IT solutions utilized in the financial market – have increased in frequency in 2023. ...