A new hacking group dubbed ‘Polonium’ has become highly active and is said to be targeting only Israeli firms, with the aim of conducting espionage and stealing intelligence. In June this year, the Microsoft Threat Intelligence Center issued a warning about the new APT group, and now researchers from security firm ESET have confirmed it as a distributor of ransomware and data-wiping tools.

In a sensational finding, ESET's report links Polonium to Lebanon and says it operates under the control of Iranian intelligence. The threat group has been assigned to target Israel's technology firms first and infiltrate their networks to conduct espionage.

Reportedly, they are only interested in products and services under development, and aim to learn what a company’s R&D is currently working on and how they can gain entry into the research and find a footing in the project.

ESET presented these findings at the Virus Bulletin 2022 conference last month and reiterated them in its October 11th release. According to the report, the threat group has been active since September 2021 and has targeted many companies in engineering, IT, communications, law, manufacturing, media, and insurance, as well as those serving the transit sector.

Why Polonium hits only Israel-based firms is not yet known, but some analysts say the espionage campaign could soon be extended to other developed countries.

The post New Polonium hacking group targets only Israeli firms with purpose appeared first on Cybersecurity Insiders.

The first news headline trending on Google concerns Costa Rican government websites. Reportedly, Costa Rica’s public health system was recently targeted by Hive ransomware, just a few days after an attack by the Conti ransomware group.

In detail, the website of the Costa Rican Social Security Fund (CCSS) has been taken down after its database was targeted by the Hive ransomware group. Hive reportedly encrypted around 30 of 1,500 government servers, and the estimated recovery time is unknown.

The disruption has reportedly hit vaccination and Covid-19 testing hard.

Previously, Conti demanded $23 million to free the data from encryption; this time, Hive is demanding $11 million for not publicizing the data it siphoned before encryption.

The second item concerns Switzerland-based pharma company Novartis. A little-known hacking group named Industrial Spy claims to have siphoned some critical data from the company’s R&D servers and is now demanding $500,000 in Bitcoin to return it to its owner. Otherwise, the group warns, it will sell the data on the dark web to interested parties.

However, Novartis says the data held by Industrial Spy is not sensitive and has given assurances that it will take all adequate steps to prevent such incidents in the future.

The third item concerns Microsoft. The software giant says it has blocked cyber attacks on Israeli firms that may have been launched by a hacking group named ‘Polonium’, linked to Iran’s Ministry of Intelligence and Security.

Reportedly, Polonium was using around 20 OneDrive accounts to virtually abuse Israeli companies; as soon as Microsoft received complaints, it found that Polonium had links to Tehran and was acting at its direction.

Interestingly, those working for Polonium are Lebanese and are seen constantly targeting Israeli businesses, acting at the direction of Iran’s Ministry of Intelligence and Security (MOIS).

The post Cyber Attack news headlines trending on Google appeared first on Cybersecurity Insiders.