It almost felt like Christmas came early in a winter of despair. As noted yesterday, a Conti member who appears furious with Conti for its statement supporting Russia started dumping internal records from Conti with a statement ending, “Glory to Ukraine!” The leak was first reported on Twitter by VX-Underground: Conti ransomware group previously put…
Why won’t law enforcement answer questions about RaidForums? Or have they just winked?
“Oh for f*** sake,” a February 25th message on Signal to me began. RaidForums had been seized, I was told. But had it been? [Note: this article does not link to RaidForums’ site as it may still be a phishing page.] A WHOIS lookup on the domain today shows that the registration for RaidForums[.]com…
Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits
I’ve occasionally seen evidence that one victim was hit by more than one group or threat actor, but Sophos provides the most detailed reporting I’ve ever seen on one such incident. Sean Gallagher takes us through the saga that impacted a healthcare provider in Canada hit by two separate ransomware groups — Karma and Conti….
Toyota to halt operations at all Japan plants due to cyberattack
Reuters reports: Toyota said it will suspend all domestic factory operations on Tuesday, losing around 13,000 cars, after a company supplying plastic parts and electronic components was hit by a suspected cyberattack. No information was immediately available about who was behind the attack or the motive. The attack comes just after Japan joined Western…
Bridgestone investigating possible information security breach
Hollie West reports: Some employees at Bridgestone’s La Vergne plant reported being sent home Sunday morning due to a possible cyber attack. Bridgestone Americas confirmed that it learned of a potential security incident and has launched an investigation. The company says it has disconnected some manufacturing and retreading facilities in North America and Latin America…
Ukrainian Cyberpolice recruit help fighting Russia
None of the press email addresses for the Ukrainian cyberpolice have been working, so I’ll just post a notice from them here. I had reached out to them to ask them if they had tried directly recruiting those who they have arrested in the past, such as those affiliated with Clop. I’ve also sent an…