In December and January, threat actors successfully exploited multiple vulnerabilities in an older file transfer system by Accellion. A number of Accellion’s clients subsequently found themselves on the receiving end of extortion demands to either pay the threat actors, or have their data dumped publicly. A number of firms apparently refused to pay, and their…
Category: Subcontractor
Vengeful IT Contractor Sentenced to Two Years for Deleting Carlsbad Company’s Microsoft User Accounts
March 22 — Deepanshu Kher was sentenced today in federal court to two years in prison for accessing the server of a Carlsbad Company and deleting over 1,200 over the company’s 1,500 Microsoft User Accounts. According to court documents, Kher was employed by an information technology consulting firm from 2017 through May 2018. In 2017,…
Transport NSW documents posted on dark web after Accellion hack
Anton Nilsson reports that threat actors who have been dumping files from Accellion clients have started dumping files from Transport NSW: Massive amounts of sensitive NSW government documents have been published online by hackers attempting to extort the authorities for cash. The sporadic leaks to the dark web have continued in the past few days…
Ca: Nunavut schools confirm school information system vendor suffered ransomware attack
On March 3, this site noted that a security incident affecting Manitoba school districts sounded like a ransomware attack on Edsembli. Yesterday, Nunavut’s Department of Education confirmed it was a ransomware attack on the territory’s school information system that stores grades, attendance and student enrolment. That system is maintained by Edsembli. No data has reportedly…
Malaysia call centre worker jailed for retrieving Singtel customer details that were later sold to loan sharks
Lydia Lam reports: A team leader at a call centre in Malaysia handling technical support for Singtel customers helped an ex-colleague retrieve information from more than 1,000 business accounts belonging to licensed moneylenders. The information, which included bills, company names and landline numbers, was later used by data sellers to carry out loan sharking activities….
Arizona Complete Health notifies plan members of Accellion breach
On February 26, Arizona Complete Health notified plan members of the Accellion breach. According to the notification (see below), the threat actors (who have since self-identified as CLOP) were able to “view or save” member information between January 7 and January 25, 2021. The types of ePHI involved included insured members’ name and one or…