Ionut Ilascu reports: An affiliate of the recently discovered Yanluowang ransomware operation is focusing its attacks on U.S. organizations in the financial sector using BazarLoader malware in the reconnaissance stage. Based on observed tactics, techniques, and procedures, the threat actor is experienced with ransomware-as-a-service (RaaS) operations and may be linked with the Fivehands group.
Category: Malware
Hackers plant card-stealing malware on website that sells baron and duke titles
Catalin Cimpanu reports: A threat actor has hacked the website of the Principality of Sealand, a micronation in the North Sea, and planted malicious code on its web store, which the government is using to sell baron, count, duke, and other nobility titles. Called a “web skimmer,” the malicious code allowed the hackers to collect…
Ransomware attack shuts down Lewis & Clark Community College
Russell Kinsaul reports: Lewis and Clark Community College in Godfrey closed all their campuses this week and cancelled all extra-curricular activities, including sports. The move was made after the director of information technology noticed suspicious activity last Tuesday and shut down the school’s computer network on Wednesday. According to college president, Ken Trzaska, hackers got…
OR: One Community Health reports April cyberattack
On September 13, DataBreaches.net added an entry to the monthly worksheet this site maintains for annual data analyses. The entry was for “One Community Health” in Oregon, but it was not the covered entity that announced the breach. DataBreaches.net learned about the breach from Pysa threat actors who had added the covered entity to their…
Daily Mail claims to have located REvil threat actor wanted by FBI for ‘using ransomware to fleece millions of dollars’ from Americans
The Daily Mail is not a news outlet that I would normally turn to for breaking news about tracking down a Russian cybercriminal, but that is what they claim to have done. Will Stewart reports: One of the FBI’s most wanted men linked to ransomware gang REvil is living freely in a Siberian city with…
Swire Pacific Offshore reports cyberattack
Seen on Hellenic Shipping News: Swire Pacific Offshore (SPO) has discovered that it was the target of a cyberattack which involved unauthorised access to its IT systems. The unauthorised access has resulted in the loss of some confidential proprietary commercial information and has resulted in the loss of some personal data. The cyberattack has not…