Release Date: March 16, 2023 Alert Code: AA23-075A SUMMARY Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to…
Category: Commentaries and Analyses
BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion
Elizabeth Montalbano reports: The BianLian ransomware group is ramping up its operations and maturing as a business, moving more swiftly than ever to compromise systems. It’s also moving away from encryption to pure data-theft extortion tactics, in cyberattacks that have so far bagged at least 116 victims, researchers have found. BianLian, first discovered last July, hasn’t deviated much…
Current Turmoil and Future Risks in Resolving Data Breach Class Actions
Here’s an interesting post by Mark Olthoff of Polsinelli law firm discussing recent developments in class action lawsuits. Here are some snippets: First, an increasing number of data breach lawsuits are being filed in state court rather than in federal court. Several possible reasons exist for this development. For one, federal courts have limited subject…
Romanian entities issued monetary penalties for infosecurity and data protection failures
Regulators in Romania have issued monetary penalties to six Romanian entities for insufficient technical and organizational measures to ensure information security. Two other entities were issued fines for other GDPR violations. The fines for insufficient technical and organizational measures ranged from 1,000 to 10,000 euros. Two of the entities were in the medical center. A…
Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server
CISA Advisory Alert Code AA23-074A Summary From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian executive branch (FCEB) agency. Analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a…
New threat group hacked EU healthcare agency and embassies, researchers say
Jonathan Greig reports: A new hacking group is targeting European countries and organizations in an espionage campaign that began in June 2022, according to new research. Cisco’s Talos cybersecurity team calls the new group “YoroTrooper” and said it has already successfully compromised accounts connected to a “critical” European Union healthcare agency and the World Intellectual…