While tracking the activities of 4BID Kaspersky researchers uncovered a new string of campaigns that appear to be the work of several interconnected actors. While politically motivated groups generally limit their scope to specific nations – for 4BID and its peers, primarily Russian and occasionally Belarusian organizations – the latest findings reveal a shift. The actual geographic footprint of these attacks became broader than expected, striking companies across Kazakhstan, the UAE, Syria, and Egypt.
What triggered Kaspersky’s investigation was spotting a cluster of indicators of compromise within a breached Russian organization’s infrastructure. The researchers used these footprints to successfully track down other environments hit by the same threat actors and piece together the bigger picture.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Novel Technique to Detect Cloud Threat Actor Operations
February 6, 2026
Cloud-based alerting systems often struggle to distinguish between normal cloud activity and targeted malicious operations by known threat actors. The difficulty doesn’t lie in an inability to identify complex alerting operations across thousands of cloud resources or in a failure to follow identity resources, the problem lies in the accurate detection of known persistent threat actor ...
- Photo-Sharing Platform Flickr Issues Data Breach Warning
February 6, 2026
It’s not been the greatest start to February as far as data breaches are concerned. Substack has confirmed it has been hacked, and now Flickr has issued a warning to users concerning a data breach vulnerability that might have leaked their personal data. Although it’s unknown how many users may have been affected at this stage, ...
- Dynowiper: Destructive Malware Targeting Poland’s Energy Sector
February 6, 2026
The coordinated destructive campaign against critical energy infrastructure occurred on December 29, 2025, during a period of severe winter weather in Poland. According to CERT Polska’s report, the campaign targeted: 30+ wind and solar farms across Poland; A major CHP plant supplying heat to nearly half a million customers; A manufacturing sector company characterized as an ...
- Viral AI, Invisible Risks: What OpenClaw Reveals About Agentic Assistants
February 6, 2026
The name OpenClaw might not immediately be recognizable, partly because it has undergone several name changes, from Clawdbot to Moltbot, then finally to OpenClaw. Yet one thing is certain: This new digital assistant feels genuinely groundbreaking. It remembers past interactions, keeps data on the user’s device, and adapts to individual preferences, making it feel like a ...
- Asia-based government spies quietly broke into critical networks across 37 countries
February 5, 2026
A state-aligned cyber group in Asia compromised government and critical infrastructure organizations across 37 countries in an ongoing espionage campaign, according to security researchers. In total, the crew compromised at least 70 organizations, and maintained access to several of these for months. “While this group might be pursuing espionage objectives, its methods, targets and scale of ...
- Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
February 5, 2026
Stan Ghouls (also known as Bloody Wolf) is an cybercriminal group that has been launching targeted attacks against organizations in Russia, Kyrgyzstan, Kazakhstan, and Uzbekistan since at least 2023. These attackers primarily have their sights set on the manufacturing, finance, and IT sectors. Their campaigns are meticulously prepared and tailored to specific victims, featuring a signature ...