“Ukraine Cyber Alliance Takes Down Trigona Ransomware Gang, Wipes Their Data Clean”

In recent times, we’ve witnessed numerous headlines about ransomware groups wreaking havoc on corporate networks. However, this time, the ‘Ukraine Cyber Alliance,’ a group of activists, managed to infiltrate the Trigona Ransomware gang’s database and completely obliterate their operations. Notably, they absconded with sensitive information, including source code, decryption keys, and some cryptocurrency earnings acquired by the gang during the month of September this year.

A technical analysis released to the media indicates that the gang exploited a known vulnerability, CVE-2023-22515, to breach the Confluence database and gain access to this critical information. As our analysis team continues to investigate, we will provide updates as soon as further details are confirmed.

“Data Deletion Hack Targets Facebook Users”

For the first time in the history of hacking, a hacker or hacking group successfully took control of a Facebook account belonging to a photographer. They systematically deleted images and customer orders that had been stored on the account for the past seven years. The account holder, Doug Bazley from Queensland, expressed deep disappointment at the data wipe and reported the incident to Meta’s subsidiary, which subsequently launched an inquiry into the matter.

The hack appears to have occurred after Doug clicked on a phishing link that arrived in his inbox, cleverly disguised as a Meta company communication. The perpetrator(s) assumed control of the web page, altering the profile photo, changing the account holder’s name, and systematically erasing all the data that had been stored for years. Doug also voiced his dissatisfaction with the security measures Facebook imposes on user accounts. As the issue remains under investigation, it may take some time for all the facts to be revealed. Notably, deleted data often remains stored in the archival database of the social media giant for a certain period.

“Criminal Gang RansomedVC Compromises District of Columbia Board of Elections”

The District of Columbia Board of Elections (DCBOE) fell victim to a criminal gang known as RansomedVC, infamous for data extortion and their hefty demands for decryption keys. The attack followed an unconventional path, with the criminals initially targeting the hosting provider DataNet before gaining control of the online platform housing Washington DC Election Authority data.

To substantiate their claims, the gang leaked approximately 60,000 lines of voter information belonging to Washington DC voters and listed the data for sale on the dark web. The exposed information includes Social Security Numbers, driver’s license details, dates of birth, phone numbers, and email addresses. Law enforcement agencies such as the FBI and DHS have taken note of the data breach and are actively investigating these claims.

It is noteworthy that this same criminal gang, RansomedVC, was previously involved in the server hack of Sony and was confirmed to have stolen over 260GB of files in that incident.

The post Interesting cyber attack headlines trending on Google for this day appeared first on Cybersecurity Insiders.

1.) AhnLab, a South Korean cybersecurity firm, has issued an alert about a ransomware attack on Microsoft SQL Servers, which are being bombarded with Trigona Ransomware payloads meant to encrypt files after stealing data. The attackers get in through brute-force or dictionary attacks, which succeed where easy-to-guess credentials let them bypass logins, and then deploy the ransomware. Trigona was first spotted in October 2022 by MalwareHunterTeam, who analyzed it and concluded that the gang spreading the malware takes payment in Monero cryptocurrency from its victims in exchange for a decryption key.

2.) Real estate firm OrangeTee & Tie has been fined by Singapore’s Personal Data Protection Commission (PDPC) after the company failed to protect its user data, leading to a breach of information related to 25,000 customers and employees. The exposed data includes names, bank account numbers, property transaction details, and ID card details. ALTDOS, a hacking group from Southeast Asia, was behind the incident, and the group is known to have demanded 10 BTC for the return of the information, along with an assurance that no stolen data would be published online thereafter. After reviewing the facts of the incident, PDPC imposed a fine of $37,000 on the property firm for failing to take proactive security measures to prevent data from being spilled from over 11 databases.

3.) Blind Eagle, a Spanish-speaking espionage actor, is linked to cyber attacks launched on the private and public sectors in Colombia, Spain, Chile, and Ecuador. Security firms Check Point and BlackBerry have discovered that the threat actor group uses spear-phishing campaigns to deliver commodity malware such as AsyncRAT and BitRAT. Also known as APT-C-36, the group is financially motivated and has been found launching indiscriminate attacks against citizens in South America since 2018.

The post Trending Google news headlines on Ransomware, Penalties and Espionage appeared first on Cybersecurity Insiders.