It almost felt like Christmas came early in a winter of despair. As noted yesterday, a Conti member who appears furious with Conti for its statement supporting Russia started dumping internal records from Conti with a statement ending, “Glory to Ukraine!” The leak was first reported on Twitter by VX-Underground: Conti ransomware group previously put…
Category: Of Note
Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits
I’ve occasionally seen evidence that one victim was hit by more than one group or threat actor, but Sophos provides the most detailed reporting I’ve ever seen on one such incident. Sean Gallagher takes us through the saga that impacted a healthcare provider in Canada hit by two separate ransomware groups — Karma and Conti….
Ukrainian Cyberpolice recruit help fighting Russia
None of the press email addresses for the Ukrainian cyberpolice have been working, so I’ll just post a notice from them here. I had reached out to them to ask them if they had tried directly recruiting those who they have arrested in the past, such as those affiliated with Clop. I’ve also sent an…
Conti ransomware gang chats leaked by pro-Ukrainian member
Catalin Cimpanu reports: A member of the Conti ransomware group, believed to be Ukrainian of origin, has leaked the gang’s internal chats after the group’s leaders posted an aggressive pro-Russian message on their official site, on Friday, in the aftermath of Russia’s invasion of Ukraine. The message appears to have rubbed Conti’s Ukrainian members the…
Dallas IT worker erased police files by accident, didn’t have enough training, report says
Everton Bailey Jr. reports: A former Dallas IT worker fired after deleting millions of police files last year while trying to move them from online storage didn’t have enough training to do the job properly, according to an independent investigation of the incident. Despite his job primarily being focused on working with Commvault, the software…
Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
From a Joint Cybersecurity Advisory (TLP:White): SUMMARY The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. CyberCommand Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSCUK) have observed a group of Iranian government-sponsored advanced persistent threat (APT) actors, known as MuddyWater, conducting cyber espionage…