Education, Groups and Manufacturing - Information Management Today

Chinese APT Group Uses New Tradecraft to Live Off the Land

Data Breach Today

JUNE 26, 2023

Group Targeting Transportation, Construction, Government Agencies, CrowdStrike Says A Chinese state hacker is using novel tradecraft to gain initial access to victim systems, according to CrowdStrike.

Manufacturing

Manufacturing Education Communications Government

Rhysida ransomware group hacked Abdali Hospital in Jordan

Security Affairs

DECEMBER 26, 2023

The Rhysida ransomware group claimed to have hacked Abdali Hospital, a multi-specialty hospital located in Jordan. The Rhysida ransomware group claimed to have breached the Abdali Hospital in Jordan and added it to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Education Libraries

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Security Affairs

NOVEMBER 29, 2023

The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London. The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London and added it to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023. Data from the Royal Family!

Ransomware

Ransomware Manufacturing Education Libraries

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

Security Affairs

AUGUST 7, 2024

The Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware and offers alleged stolen data for 25 BTC. The Rhysida Ransomware group claims to have breached Bayhealth Hospital and added the hospital to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Libraries Education

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

NOVEMBER 17, 2022

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. There are multiple examples of ransomware groups doing just that after security researchers crowed about finding vulnerabilities in their ransomware code.

Ransomware

Ransomware Encryption Manufacturing Phishing

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

The Last Watchdog

NOVEMBER 12, 2023

This is precisely what the consortium of software companies and device manufacturers, led Google, Amazon and Apple, set out to achieve when Matter was conceived four years ago. It’s important that as consumers are shopping for these smart home devices that they learn to recognize the Matter trademark so that they can make educated decisions.”

Security

Security Manufacturing Authentication Marketing

Rhysida ransomware gang claimed China Energy hack

Security Affairs

NOVEMBER 25, 2023

The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation. China Energy Engineering Group ranks 3rd in ENR Top 150 Global Engineering Design Firms and 13th in ENR Top 250 Global Contractors. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Education Libraries

To Make the Internet of Things Safe, Start with Manufacturing

Thales Cloud Protection & Licensing

SEPTEMBER 11, 2018

In this blog, and in and accompanying interview with our colleague Daniel Hjort from Nexus Group, we discuss the challenges that industry faces to ensure safe deployment and management of IoT technologies. Typically, when they are manufactured, IoT devices receive their initial identity in the form of a “digital birth certificate.”

Manufacturing

Manufacturing IoT Authentication Security

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The FBI and CISA warn of attacks carried out by the Rhysida ransomware group against organizations across multiple industry sectors. The report is part of the ongoing #StopRansomware effort that disseminates advisories about tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with ransomware groups.

Ransomware

Ransomware Manufacturing Education Passwords

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector

Security Affairs

SEPTEMBER 20, 2024

The threat actor has been active since July 2022, it was observed targeting organizations in the education, healthcare, IT, and manufacturing sectors. The group employed various ransomware payloads in its attacks, including BlackCat , Quantum Locker , Zeppelin , and Rhysida. ” Microsoft wrote on X.

Ransomware

Ransomware Manufacturing Education IT

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Security Affairs

JUNE 26, 2023

China-linked APT group VANGUARD PANDA, aka Volt Typhoon, was spotted observing a novel tradecraft to gain initial access to target networks. CrowdStrike researchers observed the China-linked APT group VANGUARD PANDA, aka Volt Typhoon , using a novel tradecraft to gain initial access to target networks. ” concludes the report.

Cleanup

Cleanup Libraries Access Manufacturing

Rhysida ransomware gang is auctioning data stolen from the British Library

Security Affairs

NOVEMBER 20, 2023

The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage. The ransomware group claims to have stolen a substantial trove of ‘impressive data’ and is auctioning it for 20 BTC. The victims of the group are “targets of opportunity.”

Libraries

Libraries Ransomware Manufacturing Education

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Security Affairs

SEPTEMBER 25, 2023

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. Gelsemium is a group focused on cyberespionage that has been active since at least 2014.

Government

Government Manufacturing Education Access

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

FEBRUARY 19, 2024

Lockbit ransomware group administrative staff has confirmed with us their websites have been seized. In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Financial Services

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Security Affairs

MAY 5, 2021

The group targeted the organization with phishing attacks aimed at spreading at least three new sophisticated malware strains. FireEye’s Mandiant unit observed two distinct waves of attacks carried out by the cybercrime group in December 2020. ” states the analysis published by FireEye.

Manufacturing

Manufacturing Phishing Military Retail

Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

Security Affairs

MAY 7, 2021

Hancitor became another commodity malware which partnered with ransomware gangs to help them gain initial access to target networks – the increasing trend outlined by Group-IB researchers in the recent Ransomware Uncovered 2020/2021 report. In addition, the group leveraged some custom tools for network reconnaissance. exe: Figure 3.

Ransomware

Ransomware Education Manufacturing Healthcare

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Security Affairs

NOVEMBER 16, 2022

DTrack is a modular backdoor used by the Lazarus group since 2019 , it was employed in attacks against a wide variety of targets, from financial environments to a nuclear power plan. The second stage payload is a heavily obfuscated shellcode, the APT group used an encryption method different for each sample.

Manufacturing

Manufacturing Education Encryption IT

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

The Last Watchdog

SEPTEMBER 21, 2023

21, 2023 — MxD, the Digital Manufacturing and Cybersecurity Institute, today hosted a roundtable discussion with the White House Office of the National Cyber Director. Each participating organization is committed to developing cyber skills and programs to train the workforce across a wide range of industries, including manufacturing.

Cybersecurity

Cybersecurity Manufacturing Military Artificial Intelligence

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

FEBRUARY 21, 2024

. “The Department of State is announcing reward offers totaling up to $15 million for information leading to the arrest and/or conviction of any individual participating in a LockBit ransomware variant attack and for information leading to the identification and/or location of any key leaders of the LockBit ransomware group.”

Energy and Utilities

Energy and Utilities Ransomware Agriculture Manufacturing

Steelcase office furniture giant hit by Ryuk ransomware attack

Security Affairs

OCTOBER 28, 2020

Steelcase is a US-based furniture company that produces office furniture, architectural and technology products for office environments and the education, health care and retail industries. It is the largest office furniture manufacturer in the world. Steelcase has 13,000 employees and $3.7 billion in 2020.

Ransomware

Ransomware Computer and Electronics Manufacturing Mining

Microsoft seized 41 domains used by Iran-linked Bohrium APT

Security Affairs

JUNE 6, 2022

The IT giant has seized the domains used by the threat actors employed in its attacks aimed at organizations in tech, transportation, government, and education sectors located in the U.S., The APT group created fake social media profiles, often posing as recruiters, then used them to trick targets into providing personal information.

Phishing

Phishing Manufacturing Education Cybersecurity

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

FEBRUARY 20, 2024

Lockbit ransomware group administrative staff has confirmed with us their websites have been seized. pic.twitter.com/SvpbeslrCd — vx-underground (@vxunderground) February 19, 2024 The operation led to the arrest of two members of the ransomware gang in Poland and Ukraine and the seizure of hundreds of crypto wallets used by the group.

Energy and Utilities

Energy and Utilities Ransomware Manufacturing Agriculture

Researchers released a free decryption tool for the Rhysida Ransomware

Security Affairs

FEBRUARY 12, 2024

The Rhysida ransomware group has been active since May 2023. The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. The victims of the group are “targets of opportunity.”

Ransomware

Ransomware Encryption Paper Manufacturing

Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack

Security Affairs

SEPTEMBER 15, 2024

Port of Seattle confirmed on Friday that the Rhysida ransomware group was behind the cyberattack that hit the agency in August. Port of Seattle confirmed on Friday that the Rhysida ransomware group was behind the cyberattack. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Education Encryption

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Energy and Utilities

Energy and Utilities Communications Military Access

China-linked APT Volt Typhoon linked to KV-Botnet

Security Affairs

DECEMBER 13, 2023

The group managed to maintain access without being detected for as long as possible. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Communications

Communications Manufacturing Education Government

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

Security Affairs

JUNE 6, 2024

.” The operation led to the arrest of two members of the ransomware gang in Poland and Ukraine and the seizure of hundreds of crypto wallets used by the group. The authorities also seized the dark web Tor leak site used by the group. It was the first time that the admin of the notorious group was identified by law enforcement.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Encryption

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

The Qilin ransomware-as-a-service (RaaS) group uses a double-extortion model, with most of the victims in the manufacturing and IT industries. The ransomware was originally written in Go language and was employed in attacks aimed at healthcare and education sectors in countries like Thailand and Indonesia. AGENDA.THIAFBB.”

Ransomware

Ransomware Encryption Passwords Education

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

MILES/CBS NEWS TEXAS The Royal ransomware group is behind the attack and threatens to publish stolen data if the City will not meet its ransom demand. Once obtained access to the City’s network, the group performed reconnaissance and information-gathering activities using legitimate third-party remote management tools.

Ransomware

Ransomware Encryption Systems administration Cybersecurity

MITRE and CISA publish the 2021 list of most common hardware weaknesses

Security Affairs

OCTOBER 30, 2021

The list was published with the intent of raising awareness of common hardware weaknesses through CWE and educating designers and programmers on how to address them as part of the product development lifecycle. . The list includes a total of 12 vulnerabilities entries that had a score from 1.03 to 1.42 (the highest possible score was 2.0).

Manufacturing

Manufacturing Education Access Security

China-linked APT Volt Typhoon exploited a zero-day in Versa Director

Security Affairs

AUGUST 27, 2024

China-linked APT group Volt Typhoon exploited a zero-day flaw in Versa Director to upload a custom webshell in target networks. The company confirmed that at least one APT group actively exploited the flaw in the wild. The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar.

Energy and Utilities

Energy and Utilities Communications Authentication Access

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

“These operations have targeted various industries, including Aerospace & Defense, Education, Energy & Utilities, Governments, Hospitality, Manufacturing, Oil & Gas, Retail, Technology, and Transportation. ” reads the joint report. reads the press release published by DoJ.

Energy and Utilities

Energy and Utilities Military Government Phishing

News alert: Harter Secrest & Emery announces designation as NetDiligence-authorized Breach Coac

The Last Watchdog

FEBRUARY 15, 2024

Paul Greene , CIPP/US, CIPP/E, CIPM, FIP, Harter Secrest & Emery’s Privacy and Data Security practice group helps clients respond to data security incidents of all kinds. NetDiligence-authorized Breach Coach ® firms are selected based on their experience, competency, thought leadership, and industry engagement. Greene Led by partner F.

Data breaches

Data breaches Financial Services Big data Retail

GUEST ESSAY: Too many SMBs continue to pay ransomware crooks — exacerbating the problem

The Last Watchdog

FEBRUARY 20, 2023

One report showed ransomware attacks increased by 80 percent in 2022, with manufacturing being one of the most targeted industries. The Glenn County Office of Education in California suffered an attack limiting access to its own network. It’s best to stay away from paying out any funds in cryptocurrency or otherwise.

Ransomware

Ransomware Cleanup Education Manufacturing

China-linked Flax Typhoon APT targets Taiwan

Security Affairs

AUGUST 25, 2023

China-linked APT group Flax Typhoon targeted dozens of organizations in Taiwan as part of a suspected espionage campaign. The group relies on tools built into the operating system, along with some legitimate software. The group primarily relies on living-off-the-land techniques and hands-on-keyboard activity.

Manufacturing

Manufacturing Education Access Government

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

The group managed to maintain access without being detected for as long as possible. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

e-Discovery

e-Discovery Communications Ransomware Government

China-linked APT Volt Typhoon targets critical infrastructure organizations

Security Affairs

MAY 25, 2023

A China-linked APT group, tracked as Volt Typhoon, breached critical infrastructure organizations in the U.S. China-linked APT cyber espionage group Volt Typhoon infiltrated critical infrastructure organizations in the U.S. The group managed to maintain access without being detected for as long as possible.

Communications

Communications Manufacturing Access Archiving

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

The LockBit ransomware group successfully extorted roughly $91 million from approximately 1,700 U.S. According to a joint advisory published by cybersecurity agencies, the LockBit ransomware group has successfully extorted roughly $91 million in about 1,700 attacks against U.S. organizations since 2020. organizations since 2020.

Ransomware

Ransomware Cybersecurity Agriculture Education

Nexx bugs allow to open garage doors, and take control of alarms and plugs

Security Affairs

APRIL 5, 2023

A series of vulnerabilities in multiple smart devices manufactured by Nexx can be exploited to remotely open garage doors, and take control of alarms and plugs. “Nexx has not replied to any correspondence from myself, DHS (CISA and US-CERT) or VICE Media Group.” ” reads a post published by Sabetan.

Manufacturing

Manufacturing Cybersecurity Education Authentication

NCR was the victim of BlackCat/ALPHV ransomware gang

Security Affairs

APRIL 16, 2023

It manufactures self-service kiosks, point-of-sale terminals, automated teller machines, check processing systems, and barcode scanners. NCR is suffering an outage on its Aloha point of sale platform since Wednesday after it was hit by a ransomware attack conducted by the BlackCat/ALPHV ransomware group.

Ransomware

Ransomware Sales Manufacturing Cybersecurity

Prometheus and Grief – two new emerging ransomware gangs targeting enterprises. Mexican Government data is published for sale.

Security Affairs

JUNE 1, 2021

Prometheus is a new emerging ransomware group extorting enterprises in various verticals across the globe. On their updated logo, the group illustrated ties to another notorious underground ransomware group – REvil. Some actors design various landing pages in TOR to blur attribution acting as new groups.

Sales

Sales Ransomware Government GDPR

Hyundai suffered a data breach that impacted customers in France and Italy

Security Affairs

APRIL 12, 2023

. “Although there is no evidence that the data concerned have been used for fraudulent purposes, out of extreme caution, we invite you to pay particular attention and to verify any contact attempt via e-mail, mail and/or text message that may appear to come from Hyundai Italia or by other entities of the Hyundai Group.

Data breaches

Data breaches Manufacturing Cybersecurity Education

New Linux Ransomware BlackSuit is similar to Royal ransomware

Security Affairs

JUNE 3, 2023

According to government experts, the Royal ransomware attacks targeted numerous critical infrastructure sectors including, manufacturing, communications, healthcare and public healthcare (HPH), and education. Another option is that BlackSuit emerged from a splinter group within the original Royal ransomware gang.”

Ransomware

Ransomware Encryption File names Cybersecurity

Chinese APT Group Uses New Tradecraft to Live Off the Land

Rhysida ransomware group hacked Abdali Hospital in Jordan

Trending Sources

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

Researchers Quietly Cracked Zeppelin Ransomware Keys

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

Rhysida ransomware gang claimed China Energy hack

To Make the Internet of Things Safe, Start with Manufacturing

FBI and CISA warn of attacks by Rhysida ransomware gang

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Rhysida ransomware gang is auctioning data stolen from the British Library

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Operation Cronos: law enforcement disrupted the LockBit operation

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Steelcase office furniture giant hit by Ryuk ransomware attack

Microsoft seized 41 domains used by Iran-linked Bohrium APT

More details about Operation Cronos that disrupted Lockbit operation

Researchers released a free decryption tool for the Rhysida Ransomware

Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack

FBI chief says China is preparing to attack US critical infrastructure

China-linked APT Volt Typhoon linked to KV-Botnet

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

Experts spotted a variant of the Agenda Ransomware written in Rust

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

MITRE and CISA publish the 2021 list of most common hardware weaknesses

China-linked APT Volt Typhoon exploited a zero-day in Versa Director

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

News alert: Harter Secrest & Emery announces designation as NetDiligence-authorized Breach Coac

GUEST ESSAY: Too many SMBs continue to pay ransomware crooks — exacerbating the problem

China-linked Flax Typhoon APT targets Taiwan

China’s Volt Typhoon botnet has re-emerged

China-linked APT Volt Typhoon targets critical infrastructure organizations

Cybersecurity agencies published a joint LockBit ransomware advisory

Nexx bugs allow to open garage doors, and take control of alarms and plugs

NCR was the victim of BlackCat/ALPHV ransomware gang

Prometheus and Grief – two new emerging ransomware gangs targeting enterprises. Mexican Government data is published for sale.

Hyundai suffered a data breach that impacted customers in France and Italy

New Linux Ransomware BlackSuit is similar to Royal ransomware

Stay Connected