James Pearson reports: China’s biggest lender, the Industrial and Commercial Bank of China, paid a ransom after it was hacked last week, a Lockbit ransomware gang representative said on Monday in a statement which Reuters was unable to independently verify. ICBC, whose U.S. arm was hit by a ransomware attack that disrupted trades in the…
Category: Hack
Denmark Hit With Largest Cyberattack on Record
Chris Riotta reports: Hackers potentially linked to the Russian GRU Main Intelligence Directorate carried out a series of highly coordinated cyberattacks targeting Danish critical infrastructure in the nation’s largest cyber incident on record, according to a new report. SektorCERT, a nonprofit cybersecurity center for critical sectors in Denmark, reported that attackers gained access to the…
Time’s up, Sunday edition: Some Jeffco Public Schools data was leaked, some data was put up for sale
As first reported on DataBreaches on Friday, SingularityMD indicated that they would be leaking or selling Jeffco Public Schools data. They followed through. In one thread on a popular hacking forum, they leaked what they claim is a 500 MB csv file for an AD Export from November 2020. The leak contains “includes hashed passwords,…
Time’s up: SingularityMD sets up to sell data from Jeffco Public Schools
It looks like “SingularityMD,” the hacker(s) of Clark County School District in Nevada and Jeffco Public Schools in Colorado, are looking to start selling the data they exfiltrated. In an introductory post today on Breach Forums, they write: We are SingularityMD. We specialize in low sophistication corporate network infiltration. We are behind the following hacks…
Bitter Pill: Third-Party Pharmaceutical Vendor Linked to Pharmacy and Health Clinic Cyberattack
Team Huntress writes: In a concerning development within the healthcare sector, Huntress has identified a series of unauthorized access that signifies internal reconnaissance and preparation for additional threat actor activity against multiple healthcare organizations. The attackers abused a locally hosted instance of a widely-used remote access tool, ScreenConnect—utilized by the company Transaction Data Systems (which…
MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)
Helga Labus reports: A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. […] The (limited) attacks were first spotted by the Microsoft Threat Intelligence team, and they notified Israeli software maker SysAid about them on November…