Groups and Information Security - Information Management Today

ISMG Editors: Ransomware Groups Aiming for Smaller Targets

Data Breach Today

AUGUST 5, 2022

Also: BEC Attack Headaches and Inside the Nomad Bridge Hack In the latest weekly update, four editors at Information Security Media Group discuss key takeaways from ISMG's recent Government Summit, how hackers siphoned nearly $200 million from cryptocurrency bridge Nomad and how midsized businesses are the new frontier for ransomware.

Ransomware

Ransomware Information Security Government Security

Group Health Cooperative data breach impacted 530,000 individuals

Security Affairs

APRIL 10, 2024

Group Health Cooperative of South Central Wisconsin disclosed a data breach that impacted over 500,000 individuals. The Group Health Cooperative of South Central Wisconsin (GHC-SCW) is a non-profit organization that provides health insurance and medical care services to its members in the Madison metropolitan area of Wisconsin.

Data breaches

Data breaches e-Discovery Ransomware Insurance

Panda Restaurant Group disclosed a data breach

Security Affairs

MAY 1, 2024

Panda Restaurant Group disclosed a data breach that occurred in March, resulting in the theft of associates’ personal information. Panda Restaurant Group disclosed a data breach that occurred in March, resulting in the theft of personal information belonging to its associates. Panda Restaurant Group , Inc.

Data breaches

Data breaches Sales Cybersecurity Security

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

Security Affairs

MAY 21, 2024

The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors of fuel in the United States. The Blackbasta extortion group added the company to the list of victims on its Tor leak site, as the researcher Dominic Alvieri reported.

Ransomware

Ransomware Phishing Access IT

Conti Ransomware Group Diaries, Part I: Evasion

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. 22, 2020, the U.S.

Ransomware

Ransomware Government Security IT

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Security Affairs

MARCH 2, 2024

Court ordered surveillance firm NSO Group to hand over the source code for its Pegasus spyware and other products to Meta. Meta won the litigation against the Israeli spyware vendor NSO Group , a U.S. Follow me on Twitter: @securityaffairs and Facebook Pierluigi Paganini ( SecurityAffairs – hacking, NSO GROUP)

IT

IT Government Security Information Security

Chinese Hacking Contractor iSoon Leaks Internal Documents

Data Breach Today

FEBRUARY 20, 2024

Company Mainly Hacked for the Ministry of Public Security An apparent leak of internal documents from a Chinese hacking contractor paints a picture of a disaffected, poorly paid workforce that nonetheless penetrated multiple regional governments and possibly NATO.

Information Security

Information Security Government Security

ISMG Editors: Our Pledge to You in a New Era of Journalism

Data Breach Today

MARCH 8, 2024

healthcare sector, Palo Alto's strategic pivot and its far-reaching implications for the industry, and new developments in tech and journalism at Information Security Media Group.

Information Security

Information Security Security IT

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Security Affairs

APRIL 15, 2024

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. The Blackjack group is believed to be affiliated with Ukrainian intelligence services that carried out other attacks against Russian targets, including an internet provider and a military infrastructure.

IoT

IoT Access Communications Military

Lazarus APT group returned to Tornado Cash to launder stolen funds

Security Affairs

MARCH 16, 2024

North Korea-linked Lazarus APT group allegedly using again the mixer platform Tornado Cash to launder $23 million. North Korea-linked Lazarus APT group allegedly has reportedly resumed using the mixer platform Tornado Cash to launder $23 million. million from exchange HTX , which took place in November 2023, to the North Korea’s group.

Blockchain

Blockchain Cybersecurity IT Information Security

ISMG Editors: What Did the Sam Altman-OpenAI Saga Teach Us?

Data Breach Today

DECEMBER 1, 2023

Also: ChatGPT Turns 1 Year Old; Police Nab Ransomware Gang Chief in Ukraine In the latest weekly update, four editors at Information Security Media Group discuss Sam Altman and OpenAI's brief leadership nightmare, the state of generative AI one year after the general release of ChatGPT, and how police nabbed a suspected ransomware group ringleader (..)

Ransomware

Ransomware Information Security Security

Conti Ransomware Group Diaries, Part IV: Cryptocrime

Krebs on Security

MARCH 7, 2022

Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. Before that, Jeffrey Ladish , an information security consultant based in Oakland, Calif.,

Ransomware

Ransomware Mining Blockchain Sales

Cybersecurity Trends to Watch in 2024

Data Breach Today

JANUARY 1, 2024

Expert Panelists Debate Impact of AI, Geopolitics and New Tactics in the Year Ahead In conjunction with a new report from CyberEd.io, Information Security Media Group asked some of the industry's leading cybersecurity and privacy experts about 10 top trends to watch in 2024.

Cybersecurity

Cybersecurity Ransomware Privacy Information Security

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

Security Affairs

MARCH 11, 2024

BianLian ransomware group was spotted exploiting vulnerabilities in JetBrains TeamCity software in recent attacks. Researchers from GuidePoint Security noticed, while investigating a recent attack linked to the BianLian ransomware group, that the threat actors gained initial access to the target by exploiting flaws in a TeamCity server.

Ransomware

Ransomware Manufacturing Access Security

META hit with privacy complaints by EU consumer groups

Security Affairs

MARCH 4, 2024

This is my interview with TRT International on the Meta dispute with EU consumer groups, which are calling on the bloc to sanction the company EU consumer groups are calling on the bloc to sanction the company Meta – which owns Facebook, Instagram and WhatsApp – for allegedly breaching privacy rules.

Privacy

Privacy GDPR Personal data Data collection

North Korea-linked APT groups target South Korean defense contractors

Security Affairs

APRIL 23, 2024

The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities to steal defense technology information. North Korea-linked APT groups Lazarus , Andariel , and Kimsuky hacked multiple defense companies in South Korea, reported the National Police Agency.

Authentication

Authentication Passwords Cloud Cybersecurity

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

Security Affairs

NOVEMBER 20, 2023

The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day vulnerability tracked as CVE-2023-38831. The economically motivated APT group used specially crafted archives in phishing attacks against forum users through online trading forum posts. ” reads the report published by NSFOCUS. ” concludes the report.

Phishing

Phishing Archiving Financial Services Cybersecurity

SiegedSec hacktivist group hacked Idaho National Laboratory (INL)

Security Affairs

NOVEMBER 22, 2023

The Idaho National Laboratory (INL) disclosed a data breach after the SiegedSec hacktivist group leaked stolen human resources data. SiegedSec hacktivists group claimed responsibility for the hack of The Idaho National Laboratory (INL) and leaked stolen human resources data. organizations, especially U.S. municipalities.

Data breaches

Data breaches Security Access IT

The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital

Security Affairs

NOVEMBER 12, 2023

The Lorenz extortion group leaked the data stolen from the Texas-based Cogdell Memorial Hospital. The group claims to theft of more than 400GB of data, including internal files, patient medical images, and also employee email communications. Ransom demands have been quite high, between $500.000 and $700.000.

Ransomware

Ransomware Encryption Communications IT

Researchers released a free decryptor for the Key Group ransomware

Security Affairs

SEPTEMBER 1, 2023

Researchers released a free decryptor for the Key Group ransomware that allows victims to recover their data without paying a ransom. Threat intelligence firm EclecticIQ released a free decryption tool for the Key Group ransomware (aka keygroup777) that allows victims to recover their data without paying a ransom.

Ransomware

Ransomware Encryption Access Security

Large Language Models: Moving Past the Early Stage

Data Breach Today

JANUARY 3, 2024

For cybersecurity professionals, these are "exciting times we live in," said Dan Grosu, CTO and CISO at Information Security Media Group. AI, machine learning and large language models are not new, but they are coming to fruition with the mass adoption of generative AI.

Information Security

Information Security Cybersecurity Security

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. The researchers reported that several cybercrime groups began exploiting the flaw in early 2023, when the bug was still a zero-day. ” reported Google TAG.

Archiving

Archiving Security IT Data breaches

APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw

Security Affairs

DECEMBER 25, 2023

In some attacks, the APT group exploited a high-severity WinRAR flaw CVE-2023-38831 to deliver the LONEPAGE malware. In early August, the group UAC-0099 sent an email impersonating the Lviv city court using the ukr.net email service. A threat actor, tracked as UAC-0099, continues to target Ukraine. The WinRAR version 6.23

Archiving

Archiving Phishing Security IT

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Security Affairs

APRIL 16, 2024

The Dark Angels (Dunghill) ransomware group claims the hack of the chipmaker Nexperia and the theft of 1 TB of data from the company. The Dark Angels (Dunghill) ransomware group claims responsibility for hacking chipmaker Nexperia and stealing 1 TB of the company’s data. The chipmaker has 14,000 employees as of 2024.

Ransomware

Ransomware Manufacturing Insurance Cybersecurity

New RA Group ransomware gang is the latest group using leaked Babuk source code

Security Affairs

MAY 15, 2023

A previously unknown ransomware group known as RA Group is targeting companies in U.S. Cisco Talos researchers recently discovered a new ransomware operation called RA Group that has been active since at least April 22, 2023. The group has already compromised three organizations in the U.S. and one in South Korea.

Ransomware

Ransomware Encryption Healthcare Insurance

Microsoft seized the US infrastructure of the Storm-1152 cybercrime group

Security Affairs

DECEMBER 14, 2023

Microsoft’s Digital Crimes Unit seized multiple domains used by cybercrime group Storm-1152 to sell fraudulent Outlook accounts. Microsoft’s Digital Crimes Unit seized multiple domains used by a cybercrime group, tracked as Storm-1152, to sell fraudulent accounts. ” reads the announcement published by Microsoft.

Sales

Sales Ransomware Marketing IT

Daixin Team group claimed the hack of North Texas Municipal Water District

Security Affairs

NOVEMBER 28, 2023

The Daixin Team group claims to have hacked the North Texas Municipal Water District (US) and threatened to leak the stolen data. The Daixin Team group added NTMWD to the list of victims on its Tor leak site. The group claims to have stolen a total of 33844 files.

Ransomware

Ransomware Phishing Access Risk

NATO is investigating a new cyber attack claimed by the SiegedSec group

Security Affairs

OCTOBER 5, 2023

NATO is investigating claims that a group called SiegedSec has breached its systems and leaked a cache of unclassified documents online. On Saturday, September 30, 2023, the group announced on its Telegram channel the theft of approximately 3,000 North Atlantic Treaty Organization’ documents, more than 9 GB of data.

Military

Military Security Access IT

Ransomlooker, a new tool to track and analyze ransomware groups’ activities

Security Affairs

OCTOBER 12, 2023

Ransomlooker monitors ransomware groups’ extortion sites and delivers consolidated feeds of their claims worldwide. Cybernews presented Ransomlooker , a tool to monitor ransomware groups’ extortion sites and delivers consolidated feeds of their claims worldwide.

Ransomware

Ransomware Personal data Access Cybersecurity

Dark Angels Team ransomware group hit Johnson Controls

Security Affairs

SEPTEMBER 28, 2023

Today Johnson Controls, an ICS/SCADA vendor, confirmed they were a victim of Dark Angels ransomware group. Dark Angels claims to have have exfiltrated 27TB of sensitive data from Johnson Controls We are unfamiliar with Dark Angels ransomware group. .” reported Bleeping Computer.

Ransomware

Ransomware Insurance Cybersecurity Encryption

BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider

Security Affairs

OCTOBER 30, 2022

The BlackByte ransomware group claims to have compromised Asahi Group Holdings, a precision metal manufacturing and metal solution provider. Asahi Group Holdings, Ltd. Asahi Group Holdings, Ltd. SecurityAffairs – hacking, Asahi Group Holdings ). Follow me on Twitter: @securityaffairs and Facebook.

Manufacturing

Manufacturing Ransomware Sales Security

International police operation dismantled a prominent Ukraine-based Ransomware group

Security Affairs

NOVEMBER 28, 2023

An international law enforcement operation dismantled the core of a ransomware group operating from Ukraine. A joint law enforcement operation led by Europol and Eurojust, with the support of the police from seven nations, has arrested in Ukraine the core members of a ransomware group. ” concludes the press release.

Ransomware

Ransomware Phishing Access Information Security

Pro-Russia group KillNet targets US airports

Security Affairs

OCTOBER 10, 2022

The pro-Russia hacktivist group ‘KillNet’ is behind massive DDoS attacks that hit websites of several major airports in the US. The pro-Russia hacktivist group ‘ KillNet ‘ is claiming responsibility for massive distributed denial-of-service (DDoS) attacks against the websites of several major airports in the US.

Access

Access IT Security Information Security

Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

Security Affairs

JANUARY 17, 2024

Switzerland believes that the attack claimed by pro-Russian group NoName that hit the government websites is retaliation for Zelensky’s presence at Davos. Naturally, not empty-handed, but with DDoS gifts” read a message published by the hacker group on its Telegram channel. ” reported the AFP agency.

Government

Government Access Security IT

Rent a hacker: Group-IB uncovers corporate espionage group RedCurl

Security Affairs

AUGUST 13, 2020

Threat Intel firm Group-IB has released an analytical report on the previously unknown APT group RedCurl, which focuses on corporate espionage. A presumably Russian-speaking group conducts thoroughly planned attacks on private companies across numerous industries using a unique toolset. From Russia to Canada.

Cloud

Cloud Phishing Analytics Access

SysAid zero-day exploited by Clop ransomware group

Security Affairs

NOVEMBER 10, 2023

Microsoft spotted the exploitation of a SysAid zero-day vulnerability in limited attacks carried out by the Lace Tempest group. “The vulnerability was exploited by a group known as DEV-0950 (Lace Tempest), as identified by the Microsoft Threat Intelligence team. ” reads the report published by Profero.

Ransomware

Ransomware Archiving Access Cybersecurity

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

NOVEMBER 16, 2023

Google Threat Analysis Group (TAG) researchers revealed that a zero-day vulnerability, tracked as CVE-2023-37580 (CVSS score: 6.1), in the Zimbra Collaboration email software was exploited by four different threat actors to steal email data, user credentials, and authentication tokens from government organizations.

Government

Government Authentication Phishing IT

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN.

Communications

Communications Encryption IT Security

The Rhysida ransomware group hit the Kuwait Ministry of Finance

Security Affairs

SEPTEMBER 26, 2023

This week the Rhysida ransomware group claimed the hack of the Kuwait Ministry of Finance and added it to its Tor leak site. The group also published a set of documents as proof of the hack. Below is the message published on Twitter by the official X account of Kuwait’s Ministry of Finance.

Ransomware

Ransomware Government Cybersecurity IT

New ransomware group Hive leaks Altus group sample files

Security Affairs

JUNE 26, 2021

On June 14th, Altus Group, a commercial real estate software solutions firm, disclosed a security breach, now Hive ransomware gang leaked its files. On June 14th, Altus Group, a commercial real estate software solutions company, has announced that its data was breached. Altus Group has been informed about the new development.

Ransomware

Ransomware File names Archiving Encryption

Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024

Security Affairs

NOVEMBER 14, 2023

With at least a dozen sophisticated groups such as BlackCat/ALPHV , Medusa, and LockBit 3.0, Resecurity uncovered several episodes of attacks against nuclear operators – area of major concern for national security. The agency also noted that “ransomware attackers extorted at least $449.1

Ransomware

Ransomware Government Security Access

FIN8 Group spotted delivering the BlackCat Ransomware

Security Affairs

JULY 18, 2023

The cybercrime group FIN8 is using a revamped version of the Sardonic backdoor to deliver the BlackCat ransomware. The financially motivated group FIN8 (aka Syssphinx) was spotted using a revamped version of a backdoor tracked as Sardonic to deliver the BlackCat ransomware (aka Noberus ransomware).

Ransomware

Ransomware Sales IT Security

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Security Affairs

DECEMBER 19, 2023

The Federal Bureau of Investigation (FBI) announced the seizure of the Tor leak site of the AlphV/Blackcat ransomware group. The FBI seized the Tor leak site of the AlphV/Blackcat ransomware group and replaced the home page with the announcement of the seizure. the fashion giant Moncler , the Swissport , NCR , and Western Digital.

Ransomware

Ransomware IT Access Manufacturing

Ukraine’s SBU arrested a member of Pro-Russia hackers group ‘Cyber Army of Russia’

Security Affairs

JANUARY 29, 2024

Ukraine’s security service (SBU) detained an alleged member of the pro-Russia hacker group “the Cyber Army of Russia.” ” Ukraine’s security service, the SBU, announced that it has identified and detained an alleged member of the pro-Russia hacker group known as the Cyber Army of Russia.

Military

Military Communications Government Security

ISMG Editors: Ransomware Groups Aiming for Smaller Targets

Group Health Cooperative data breach impacted 530,000 individuals

Webinars

Trending Sources

Panda Restaurant Group disclosed a data breach

Webinars

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

Conti Ransomware Group Diaries, Part I: Evasion

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Chinese Hacking Contractor iSoon Leaks Internal Documents

ISMG Editors: Our Pledge to You in a New Era of Journalism

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Lazarus APT group returned to Tornado Cash to launder stolen funds

ISMG Editors: What Did the Sam Altman-OpenAI Saga Teach Us?

Conti Ransomware Group Diaries, Part IV: Cryptocrime

Cybersecurity Trends to Watch in 2024

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

META hit with privacy complaints by EU consumer groups

North Korea-linked APT groups target South Korean defense contractors

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

SiegedSec hacktivist group hacked Idaho National Laboratory (INL)

The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital

Researchers released a free decryptor for the Key Group ransomware

Large Language Models: Moving Past the Early Stage

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

New RA Group ransomware gang is the latest group using leaked Babuk source code

Microsoft seized the US infrastructure of the Storm-1152 cybercrime group

Daixin Team group claimed the hack of North Texas Municipal Water District

NATO is investigating a new cyber attack claimed by the SiegedSec group

Ransomlooker, a new tool to track and analyze ransomware groups’ activities

Dark Angels Team ransomware group hit Johnson Controls

BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider

International police operation dismantled a prominent Ukraine-based Ransomware group

Pro-Russia group KillNet targets US airports

Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

Rent a hacker: Group-IB uncovers corporate espionage group RedCurl

SysAid zero-day exploited by Clop ransomware group

Zimbra zero-day exploited to steal government emails by four groups

Magnet Goblin group used a new Linux variant of NerbianRAT malware

The Rhysida ransomware group hit the Kuwait Ministry of Finance

New ransomware group Hive leaks Altus group sample files

Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024

FIN8 Group spotted delivering the BlackCat Ransomware

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Ukraine’s SBU arrested a member of Pro-Russia hackers group ‘Cyber Army of Russia’

Stay Connected