The Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification to highlight a trend of compromised US and foreign government email addresses used to conduct fraudulent emergency data requests to US-based companies, exposing personally identifying information (PII).
While the concept of fraudulent emergency data requests was previously used by other threat actors, such as Lapsus$, the increase in postings on criminal forums regarding the process of emergency data requests and sale of compromised credentials has led to an increase of their use. The FBI encourages organizations to implement the recommendations in the Mitigations section to reduce the likelihood and impact from submission of fraudulent emergency data requests to attempt to gain unauthorized access to PII.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Senators say US military is failing to secure its phones from foreign spies
December 4, 2024
Two U.S. senators are accusing the Department of Defense (DOD) of not doing enough to protect the communications of its military personnel, as the U.S. government contends with an ongoing Chinese hacking campaign targeting American phone and internet giants. The senators say the Department of Defense still relies too heavily on old-fashioned landline calls, and unencrypted ...
- NCA disrupts $multi-billion Russian money laundering networks with links to, drugs, ransomware and espionage, resulting in 84 arrests
December 4, 2024
An international NCA-led investigation – Operation Destabilise – has exposed and disrupted Russian money laundering networks supporting serious and organised crime around the world: spanning from the streets of the UK, to the Middle East, Russia, and South America. Investigators have identified two Russian-speaking networks collaborating at the heart of the criminal enterprise; Smart and TGR. ...
- Enhanced Visibility and Hardening Guidance for Communications Infrastructure
December 3, 2024
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC), Canadian Cyber Security Centre (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ) warn that People’s Republic of China (PRC)-affiliated threat actors compromised networks of major global telecommunications providers to ...
- No company too small for Phobos ransomware gang, indictment reveals
December 2, 2024
The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world. The government’s indictment against Ptitsyn should dispel any notion that ransomware gangs only target the largest, ...
- Exxon lobbyist investigated over hack-and-leak of environmentalist emails
November 27, 2024
The FBI has been investigating a longtime Exxon Mobil consultant over the contractor’s alleged role in a hack-and-leak operation that targeted hundreds of the oil company’s biggest critics, according to three people familiar with the matter. The operation involved mercenary hackers who successfully breached the email accounts of environmental activists and others, the sources told Reuters. ...
- Ransomware attack on Blue Yonder disrupts Starbucks, Sainsbury’s, Morrisons
November 27, 2024
Starbucks has confirmed that a ransomware attack on software supplier Blue Yonder has disrupted its internal systems for managing employee schedules and tracking work hours. The incident has primarily affected Starbucks’ North American operations, including approximately 11,000 stores across the United States and Canada. Starbucks says the cyberattack has compromised its ability to track baristas’ hours ...