Security Affairs

DECEMBER 26, 2023

pic.twitter.com/6uHMDcNhTC — Dominic Alvieri (@AlvieriD) December 26, 2023 The group published images of stolen documents as proof of the hack. The Rhysida ransomware group has been active since May 2023. The report includes IOCs and TTPs identified through investigations as recently as September 2023.

Ransomware 342

Ransomware Manufacturing Education Libraries 342

Security Affairs

AUGUST 7, 2024

In December 2023, the group claimed to have hacked Abdali Hospital, a multi-specialty hospital located in Jordan. The Rhysida ransomware group has been active since May 2023. The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors.

Ransomware 334

Ransomware Manufacturing Libraries Education 334

Security Affairs

FEBRUARY 28, 2024

The advisory updates to the FBI FLASH BlackCat/ALPHV Ransomware Indicators of Compromise released on April 19, 2022 and on December 19, 2023. “From mid-December 2023 onward, the healthcare sector has emerged as the most frequently targeted among the approximately 70 disclosed victims.” ” reads the joint advisory.

Ransomware 334

Ransomware Government Insurance Manufacturing 334

Security Affairs

AUGUST 8, 2024

The BlackSuit ransomware has targeted various critical infrastructure sectors, including commercial facilities, healthcare, government, and manufacturing. August 7, 2024: The advisory was updated to notify network defenders of the rebrand of “Royal” ransomware actors to “BlackSuit.”

Ransomware 320

Ransomware Communications Manufacturing Phishing 320

Security Affairs

NOVEMBER 20, 2023

pic.twitter.com/Wdj7VfkWXa — British Library (@britishlibrary) November 20, 2023 The library plans to partially restore many services in the next few weeks, but it believes that some disruption may persist for longer. The report includes IOCs and TTPs identified through investigations as recently as September 2023.

Libraries 345

Libraries Ransomware Manufacturing Education 345

Security Affairs

NOVEMBER 27, 2023

” Rosaviatsia is the government agency responsible for the oversight and regulation of civil aviation in Russia. The content of the alleged stolen data demonstrates that: In January 2023, 185 accidents were recorded in Russian civil aviation. About a third of them were classified as incidents of varying levels of danger.

Military 343

Military Manufacturing Government Authentication 343

Security Affairs

FEBRUARY 28, 2024

. “As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report. ” continues the report.

Energy and Utilities 325

Energy and Utilities Military Government Phishing 325

Security Affairs

JULY 5, 2020

British Prime Minister Boris Johnson is expected to begin phasing out the use of network equipment manufactured by the Chinese tech giant Huawei in the UK’s 5G network as little as six months, The Daily Telegraph reported. The GCHQ report is expected to be presented to Johnson this week.

Risk 355

Risk Manufacturing Government Communications 355

Security Affairs

SEPTEMBER 23, 2023

In May 2023, a ransomware attack hit the IT systems at the City of Dallas , Texas. Between April 7, 2023, and May 4, 2023, Royal performed data exfiltration and ransomware delivery preparation activities. ” The group was able to steal data from the City and leaked approximately 1.169 TB at a time prior to May 03, 2023.

Ransomware 328

Ransomware Encryption Systems administration Cybersecurity 328

Security Affairs

NOVEMBER 15, 2023

The report includes IOCs and TTPs identified through investigations as recently as September 2023. The Rhysida ransomware group has been active since May 2023, according to the gang’s Tor leak site, at least 62 companies are victims of the operation. The victims of the group are “targets of opportunity.”

Ransomware 332

Ransomware Manufacturing Education Passwords 332

Security Affairs

OCTOBER 19, 2023

“As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” reads the FBI’s flash alert.

Ransomware 340

Ransomware Financial Services Manufacturing Government 340

Security Affairs

DECEMBER 14, 2023

The authorities reported that from June 2021 through at least November 2022, threat actors targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH).

Ransomware 345

Ransomware Blockchain Manufacturing Analytics 345

Security Affairs

FEBRUARY 8, 2024

Government offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware group. The US Department of State announced rewards up to $10,000,000 for information leading to the identification and/or location of the leaders of the Hive ransomware group.

Ransomware 334

Ransomware Blockchain Manufacturing Government 334

Security Affairs

DECEMBER 12, 2023

Talos believes that NineRAT was built around May 2022, but was first spotted on March 2023 as part of Operation Blacksmith. The experts observed the use of NineRAT at around September 2023 against a European manufacturing entity. In March, the threat actors hit a South American agricultural organization.

Agriculture 318

Agriculture Data collection Access Manufacturing 318

Security Affairs

DECEMBER 13, 2023

In November 2023, the experts noticed that the botnet started targeting Axis IP cameras, such as the M1045-LW, M1065-LW, and p1367-E. The KV-botnet logical network map, December 2023 In May, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. and Guam without being detected.

Communications 332

Communications Manufacturing Education Government 332

Security Affairs

JUNE 15, 2023

Help us #StopRansomware by visiting [link] pic.twitter.com/G5jpxtB0Fw — Cybersecurity and Infrastructure Security Agency (@CISAgov) June 14, 2023 The LockBit ransomware operation was the most active in 2022 and according to the researchers it is one of the most prolific RaaS in 2023. was the prevalent variant in 2023.

Ransomware 246

Ransomware Cybersecurity Agriculture Education 246

Security Affairs

AUGUST 21, 2023

In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called “ HiatusRAT ” that infected over 100 edge networking devices globally. “Starting in mid-June through August 2023, Black Lotus Labs observed multiple newly compiled versions of the HiatusRAT malware discovered in the wild. 57 155.138.213[.]169

Military 246

Military Manufacturing Government Access 246

Security Affairs

FEBRUARY 16, 2024

government offers rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders. On December 19, 2023, the FBI seized the Tor leak site of the AlphV/Blackcat ransomware group and replaced the home page with the announcement of the seizure.

Ransomware 339

Ransomware Government Manufacturing Access 339

Security Affairs

FEBRUARY 12, 2024

“This study examines Rhysida ransomware, which caused significant damage in the second half of 2023, and proposes a decryption method. The Rhysida ransomware group has been active since May 2023. In December 2023, FBI and CISA published a joint Cybersecurity Advisory (CSA) to warn of Rhysida ransomware attacks.

Ransomware 318

Ransomware Encryption Paper Manufacturing 318

Security Affairs

FEBRUARY 19, 2024

In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023. The LockBit ransomware operation operated under a Ransomware-as-a-Service (RaaS) model, recruiting affiliates to carry out ransomware attacks through the utilization of LockBit ransomware tools and infrastructure.

Energy and Utilities 330

Energy and Utilities Ransomware Agriculture Financial Services 330

Security Affairs

APRIL 19, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Energy and Utilities 323

Energy and Utilities Communications Military Access 323

Security Affairs

FEBRUARY 8, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Energy and Utilities 332

Energy and Utilities Communications Military Manufacturing 332

Security Affairs

OCTOBER 18, 2023

Taiwanese manufacturer D-Link confirmed a data breach after a threat actor offered for sale on BreachForums stolen data. The company became aware of the a claim of data breach on October 2, 2023 and immediately launched an investigation into the alleged incident with the help of the security firm Trend Micro.

Data breaches 343

Data breaches Sales Phishing Manufacturing 343

Security Affairs

APRIL 9, 2023

made electronics on behalf of the Russian government and military. The Estonian man is accused of having helped the Russian government and military to purchase US-made electronics and hacking tools. manufacturers on behalf of Russian end-users, including defense contractors and other Russian government agencies.

Computer and Electronics 246

Computer and Electronics Military Manufacturing Government 246

Security Affairs

FEBRUARY 21, 2024

government offers rewards of up to $15 million for information that could lead to the identification or location of LockBit ransomware gang members and affiliates. In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023. ” reads the press release published by the U.S. “The

Energy and Utilities 326

Energy and Utilities Ransomware Agriculture Manufacturing 326

Security Affairs

JUNE 16, 2023

The US authorities arrested the man in Arizona last month DoJ states that from at least as early as August 2020 to March 2023, Astamirov and other members of the LockBit ransomware gang committed wire fraud and compromised many computer systems worldwide attempting to extort the victims of ransomware attacks. law enforcement).

Ransomware 246

Ransomware Agriculture Education Government 246

Security Affairs

AUGUST 3, 2023

Russia-linked APT29 group targeted dozens of organizations and government agencies worldwide with Microsoft Teams phishing attacks. The hackers targeted diplomatic entities and systems transmitting sensitive information about the region’s politics, aiding Ukrainian citizens fleeing the country, and providing help to the government of Ukraine.

Phishing 246

Phishing Authentication Government Military 246

Security Affairs

DECEMBER 19, 2023

BlackCat/ALPHV ransomware gang has been active since November 2021, the list of its victims is long and includes industrial explosives manufacturer SOLAR INDUSTRIES INDIA , the US defense contractor NJVC , gas pipeline Creos Luxembourg S.A. , the fashion giant Moncler , the Swissport , NCR , and Western Digital.

Ransomware 320

Ransomware IT Access Manufacturing 320

Security Affairs

SEPTEMBER 15, 2024

The Rhysida ransomware group has been active since May 2023. The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. Port of Seattle confirmed on Friday that the Rhysida ransomware group was behind the cyberattack.

Ransomware 315

Ransomware Manufacturing Education Encryption 315

Security Affairs

AUGUST 28, 2023

The malicious code was used in attacks targeting multiple sectors including the gaming industry, technology industry, and luxury car manufacturers. Since mid-July 2023, the binary observed in the attacks includes support for telnet scanning and support for more CPU architectures. ” reads the report published by Akamai.

IoT 246

IoT Mining Manufacturing Education 246

Security Affairs

FEBRUARY 27, 2024

The Company has retained leading security experts, is working with law enforcement and notified customers, clients and certain government agencies.” On December 19, 2023, the FBI seized the Tor leak site of the AlphV/Blackcat ransomware group and replaced the home page with the announcement of the seizure.

Ransomware 317

Ransomware Government Insurance Manufacturing 317

Security Affairs

JUNE 3, 2023

Royal ransomware is one of the most notable ransomware families of 2022, it made the headlines in early May 2023 with the attack against the IT systems in Dallas, Texas. Experts noticed that the new Linux ransomware BlackSuit has significant similarities with the Royal ransomware family. ReadMe file name: README.BlackSuit.txt.

Ransomware 246

Ransomware Encryption File names Cybersecurity 246

Security Affairs

MAY 27, 2023

New Buhti ransomware operation uses rebranded LockBit and Babuk payloads New PowerExchange Backdoor linked to an Iranian APT group Dark Frost Botnet targets the gaming sector with powerful DDoS New CosmicEnergy ICS malware threatens energy grid assets D-Link fixes two critical flaws in D-View 8 network management suite Zyxel firewall and VPN devices (..)

Security 246

Security Ransomware Manufacturing Cybersecurity 246

Security Affairs

APRIL 7, 2023

Micro-Star International AKA MSI designs, manufactures, and sells motherboards and graphics cards for customers in the United States, Canada, and internationally. This week the ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International).

Ransomware 246

Ransomware Security Manufacturing Cybersecurity 246

Security Affairs

NOVEMBER 13, 2024

In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

e-Discovery 192

e-Discovery Communications Ransomware Government 192

Security Affairs

JANUARY 10, 2021

Just where is the Global Cyber-defense Market going, and why is it failing so spectacularly to protect the data assets of the largest and most heavily protected government institutions and corporate companies in the world. For more information on this, see: Manchester United Football Club Cyber Attack.

IT 305

IT Cybersecurity Ransomware Manufacturing 305

Security Affairs

FEBRUARY 20, 2024

In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023. Today, additional criminal charges against Kondratyev were unsealed in the Northern District of California related to his deployment in 2020 of ransomware against a victim located in California.”

Energy and Utilities 325

Energy and Utilities Ransomware Manufacturing Agriculture 325