Marine Pichon and Alexis Bonnefoi of Orange Cyberdefense report: Last year, Orange Cyberdefense’s CERT investigated a series of incidents from an unknown threat actor leveraging both ShadowPad and PlugX. Tracked as Green Nailao (“Nailao” meaning “cheese” in Chinese – a topic our World Watch CTI team holds in high regard), the campaign impacted several European organizations, including in the healthcare vertical, during…
Category: Malware
FBI and CISA Warn of Ghost Ransomware
Waqas reports: A joint advisory from the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) reveals the ongoing threat of Ghost ransomware, also known as Cring. Active since early 2021, this group, operating out of China, has targeted organizations in over 70 countries, impacting…
Medusa ransomware gang demands $2M from UK private health services provider
Iain Thomson reports: HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what’s claimed to be stolen internal records unless a substantial ransom is paid. Previously known as Virgin Care and now owned by Twenty20 Capital, HCRG runs child and…
There’s a new ransomware player on the scene: the ‘BlackLock’ group has become one of the most prolific operators in the cyber crime industry – and researchers warn it’s only going to get worse for potential victims
Solomon Klappholz reports: The BlackLock ransomware group has become one of the most prolific operators in the Ransomware as a Service (RaaS) ecosystem, with experts warning it could accelerate its growth over the next year. Also known as El Dorado, BlackLock was ranked as the the seventh most active ransomware group based on the number of posts…
$10 Infostealers Are Breaching Critical US Security: Military and Even the FBI Hit
Waqas reports: A new report reveals how inexpensive cybercrime can compromise even the most secure organizations. According to Hudson Rock, employees at key US defence entities, including the Pentagon, major contractors like Lockheed Martin and Honeywell, military branches, and federal agencies like the FBI, have fallen victim to Infostealer malware. These infections expose highly sensitive data,…
As US newspaper outages drag on, Lee Enterprises blames cyberattack for encrypting critical systems
Zack Whittaker reports: Newspaper publishing giant Lee Enterprises said an ongoing cyberattack is causing disruptions across its business, and is now in its third week of outages. In a filing with the U.S. Securities and Exchange Commission, Lee said it was conducting a forensic analysis to determine if sensitive or personal data was stolen in…