From Mandiant: UNC3944, which overlaps with public reporting on Scattered Spider, is a financially-motivated threat actor characterized by its persistent use of social engineering and brazen communications with victims. In early operations, UNC3944 largely targeted telecommunications-related organizations to support SIM swap operations. However, after shifting to ransomware and data theft extortion in early 2023, they…
Call for Public Input: Essential Cybersecurity Protections for K-12 Schools (2025-26 SY)
As posted at K12 SIX: The K12 SIX Technical Working Group is pleased to open a call for public input into the fourth annual update and revision to the K12 SIX Essential Cybersecurity Protections Series. The goal of the K12 SIX Essential Cybersecurity Protections is to communicate the most important defenses that K-12 school systems…
Cyberattack puts healthcare on hold for hundreds in St. Louis metro
Russell Kinsaul reports on what sounds like a seriously impactful ransomware attack: Sometime in April, Esse Health was hit by a cyberattack, locking up parts of the health group’s computer network and putting healthcare on hold for many patients. Cindy Wagner needs to switch to a new doctor but her records can’t be transferred because they’re locked up…
Europol: DDoS-for-hire empire brought down: Poland arrests 4 administrators, US seizes 9 domains
The following is a press release from Europol: In the latest blow to the criminal market for distributed denial of service (DDoS)-for-hire services, Polish authorities have arrested four individuals who allegedly ran a network of platforms used to launch thousands of cyberattacks worldwide. The suspects are believed to be behind six separate stresser/booter services that…
GlobalX, Airline for Trump’s Deportations, Hacked
Joseph Cox and Jason Koebler report: Hackers have targeted GlobalX Air, one of the main airlines the Trump administration is using as part of its deportation efforts, and stolen what they say are flight records and passenger manifests of all of its flights, including those for deportation, 404 Media has learned. The data, which the…
IT warning after 160-year-old firm goes into administration following a ransomware attack
Even though the media often mentions the risk of businesses folding due to a cyberattack, examples where a cyberattack really was the sole explanation/cause are often hard to find. Whether there were any other financial factors in the case reported here that contributed to the firm going into administration is unknown…