From cause to cash: a cross-border look at hacktivist activity
ID: b57bbd4a-8999-5cbe-9851-85458c112399
STIX ID: report--b57bbd4a-8999-5cbe-9851-85458c112399
Feed Name: Securelist by Kaspersky
This report presents Kaspersky's analysis of a series of interconnected hacktivist campaigns (4BID and associated groups) that leveraged ProxyShell Exchange exploits to deploy fd.aspx web shells, RATs (BlackReaper, Warp), post-exploitation frameworks (Sliver, Havoc, Mythic Apollo, Adaptix), EDR killers (BYOVD/GhostDriver), and ransomware (ClearWater and an updated Blackout Locker) against organizations in Russia, Belarus and, increasingly, Kazakhstan, UAE, Syria and Egypt; it includes technical breakdowns of malware behavior, persistence and deployment scripts, lists of C2 IPs and recommended detection methods.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
