Hellhounds: Operation Lahat. Part 2


In November 2023, the team at the Positive Technologies Expert Security Center (PT ESC) released their first research report on attacks by the hitherto-unknown group Hellhounds on Russian companies’ infrastructure: Operation Lahat.

The report focused on the group’s attacks on Linux hosts that relied on a new backdoor known as Decoy Dog. Hellhounds carried on attacks on organizations located in Russia, scoring at least 48 confirmed victims by Q2 2024. As the PT ESC CSIRT team responded to an incident at a transportation company, they detected previously unreported attacks on Windows-based infrastructure, besides already-known TTPs (Tactics, Techniques, and Procedures) and attacks on Linux hosts. The new investigation also found that Hellhounds had been successfully hitting Russian companies since at least 2021. It is a known fact that development of the malware began at least as early as 2019.

Read more…
Source: Positive Technologies


Sign up for our Newsletter


Related:

  • APT29 Uses WINELOADER to Target German Political Parties

    March 22, 2024

    In late February 2024, Mandiant identified APT29 — a Russian Federation backed threat group linked by multiple governments to Russia’s Foreign Intelligence Service (SVR) — conducting a phishing campaign targeting German political parties. Consistent with APT29 operations extending back to 2021, this operation leveraged APT29’s mainstay first-stage payload ROOTSAW (aka EnvyScout) to deliver a new backdoor ...

  • Fluffy Wolf sends out reconciliation reports to sneak into corporate infrastructures

    March 19, 2024

    The group has adopted a simple yet effective approach to gain initial access: phishing emails with an executable attachment. This way, Fluffy Wolf establishes remote access, steals credentials, or exploits the compromised infrastructure for mining The BI.ZONE Threat Intelligence team has detected a previously unknown cluster, dubbed Fluffy Wolf, whose activity can be traced back to ...

  • Microsoft Announces Suspension of Cloud Services in Russia Amid EU Sanctions

    March 18, 2024

    Microsoft has announced that it will suspend access to its cloud services for companies based in Russia, effective March 20. This move comes as a direct response to the European Union’s 12th package of sanctions against Russia, specifically EU regulation 833/2014. The suspension includes a wide range of cloud-based products, significantly impacting Russian businesses that rely ...

  • Russia foiled 280,000 DDoS cyberattacks against remote electronic voting system

    March 17, 2024

    Speaking at a news conference in Moscow, Ella Pamfilova, head of Russia’s Central Election Commission, said that the overall turnout in the presidential election as of 3:45 p.m. Moscow time (1245GMT), taking into account remote electronic voting, is 70.81%. Pamfilova also said that about 280,000 DDoS cyberattacks against remote electronic voting had been foiled, including 215,000 ...

  • Member of LockBit ransomware group sentenced to 4 years in prison

    March 14, 2024

    A dual Canadian-Russian national has been sentenced to four years in prison for his role in infecting more than 1,000 victims with the LockBit ransomware and then extorting them for tens of millions of dollars. Mikhail Vasiliev, a 33-year-old who most recently lived in Ontario, Canada, was arrested in November 2022 and charged with conspiring to ...

  • Russia’s spy service accuses US of trying to meddle in presidential election

    March 11, 2024

    President Vladimir Putin’s foreign intelligence service on Monday accused the United States of trying to meddle in Russia’s presidential election and said that Washington even had plans to launch a cyber attack on the online voting system. Putin, who is almost certain to win the March 15-17 presidential election, has warned the West that any attempts ...