Hellhounds: Operation Lahat. Part 2


In November 2023, the team at the Positive Technologies Expert Security Center (PT ESC) released their first research report on attacks by the hitherto-unknown group Hellhounds on Russian companies’ infrastructure: Operation Lahat.

The report focused on the group’s attacks on Linux hosts, which relied on a new backdoor known as Decoy Dog. Hellhounds continued attacking organizations located in Russia, reaching at least 48 confirmed victims by Q2 2024. While responding to an incident at a transportation company, the PT ESC CSIRT team detected previously unreported attacks on Windows-based infrastructure, in addition to the already-known TTPs (Tactics, Techniques, and Procedures) and attacks on Linux hosts. The new investigation also found that Hellhounds had been successfully compromising Russian companies since at least 2021, and it is known that development of the malware began at least as early as 2019.

Source: Positive Technologies
