Catalin Cimpanu reports that ransomware threat actors are doing more than just calling their victims on the phone (as previously reported on this site and by ZDNet). Now at least one of the groups, DoppelPaymer, are allegedly threatening them. The incidents have been happening since February 2020, the FBI said in a PIN (private industry notification)…
Category: Malware
FR: Services in Évreux and the agglomeration shut down after cyberattack
Laurent Philippot reports that the City of Evreux and the Évreux Portes de Normandie became victims of a ransomware attack about a week ago. At the present time, they locked down their systems to keep the attacker out, but that means that phones and internet are degraded or not working at this time. The mayor…
Microsoft says it identified 40+ victims of the SolarWinds hack, and more bad news…
Catalin Cimpanu reports: Microsoft said it identified more than 40 of its customers that installed trojanized versions of the SolarWinds Orion platform and where hackers escalated intrusions with additional, second-stage payloads. The OS maker said it was able to discover these intrusions using data collected by Microsoft Defender antivirus product, a free antivirus product built…
Ransomware masquerades as mobile version of Cyberpunk 2077
Lawrence Abrams reports: A threat actor is distributing fake Windows and Android installers for the Cyberpunk 2077 game that is installing a ransomware calling itself CoderWare. To trick users into installing malware, threat actors commonly distribute them as gamer installers, cheats, and cracks for copyrighted software. Read more on BleepingComputer.
Iranian nation-state hackers linked to Pay2Key ransomware
Sergiu Gatlan reports: Iranian-backed hacking group Fox Kitten has been linked to the Pay2Key ransomware operation that has recently started targeting organizations from Israel and Brazil. “We estimate with medium to high confidence that Pay2Key is a new operation conducted by Fox Kitten, an Iranian APT group that began a new wave of attacks in…
French pharmaceutical firm involved in packaging anti-COVID vaccines hit by cyberattack
On December 9, the European Medicines Agency reported that it had been a victim of a cyberattack. The announcement was of significant concern because EMA was considering was issuing authorizations for several COVID-19 vaccines. The next day, Pfizer announced that some documents it had submitted to EMA as part of that process had been involved…