In November 2023, the team at the Positive Technologies Expert Security Center (PT ESC) released their first research report on attacks by the hitherto-unknown group Hellhounds on Russian companies’ infrastructure: Operation Lahat.
The report focused on the group’s attacks on Linux hosts that relied on a new backdoor known as Decoy Dog. Hellhounds carried on attacks on organizations located in Russia, scoring at least 48 confirmed victims by Q2 2024. As the PT ESC CSIRT team responded to an incident at a transportation company, they detected previously unreported attacks on Windows-based infrastructure, besides already-known TTPs (Tactics, Techniques, and Procedures) and attacks on Linux hosts. The new investigation also found that Hellhounds had been successfully hitting Russian companies since at least 2021. It is a known fact that development of the malware began at least as early as 2019.
Read more…
Source: Positive Technologies
Related:
- Stone Wolf employs Meduza Stealer to hack Russian companies
September 2, 2024
BI.ZONE Threat Intelligence reports an increase in criminal activity employing commercial malware available on underground resources. Recently, the researchers identified a malicious campaign by a cluster later dubbed Stone Wolf. The adversaries send out phishing emails on behalf of a legitimate provider of industrial automation solutions. The goal of the attackers is to deliver Meduza Stealer ...
- Head Mare: adventures of a unicorn in Russia and Belarus
September 2, 2024
Head Mare is a hacktivist group that first made itself known in 2023 on the social network X (formerly Twitter). In their public posts, the attackers reveal information about some of their victims, including organization names, internal documents stolen during attacks, and screenshots of desktops and administrative consoles. By analyzing incidents in Russian companies, Kaspersky researchers ...
- State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
August 29, 2024
Google’s Threat Analysis Group (TAG) observed multiple in-the-wild exploit campaigns, between November 2023 and July 2024, delivered from a watering hole attack on Mongolian government websites. The campaigns first delivered an iOS WebKit exploit affecting iOS versions older than 16.6.1 and then later, a Chrome exploit chain against Android users running versions from m121 to m123. ...
- Russia blames mass tech outages on DDoS attack
August 23, 2024
The Russian government has blamed the widespread outage of several popular mobile applications on a distributed denial of service (DDoS) attack. The outage affected a number of messaging apps and online services, including Telegram, WhatsApp, Skype, Wikipedia, Steam, Discord, Twitch, and VKontakte – a Russian social network. However, people in Moscow reported regaining access to services ...
- An investigation into the tools and methods used by the Higaisa group
August 19, 2024
In March 2020 specialists from the PT Expert Security Center conducted an analysis on the activities of the APT group Higaisa. This group was first studied by security analysts at Tencent in November 2019. In that analysis, Tencent specialists reached the conclusion that Higaisa has its origins in South Korea. The group, which is still active ...
- UK, US supervise Ukrainian scam call centers – Russian Interior Ministry
August 15, 2024
The special services of the United Kingdom and the United States control and supervise Ukrainian scam call centers, a spokesman for the Russian Interior Ministry said. “The most important thing is that they are fully controlled by the special services of Ukraine, the special services of the UK and the US. Remote thefts ...