Planned Parenthood of Montana’s chief exec says the org is responding to a cyber-attack on its systems, and has drafted in federal law enforcement and infosec professionals to help investigate and rebuild its IT environment.
This comes as ransomware crew RansomHub boasted it had broken into the nonprofit, and stolen its data, which it is threatening to leak unless payment is made. According to Martha Fuller, CEO and president of the US state’s Planned Parenthood office, a network intrusion – or a “cybersecurity incident” as the org put it – was spotted on August 28.
Read more…
Source: The Register
Related:
- Chinese police put 3 U.S. operatives on wanted list over cyberattacks
April 15, 2025
Police authorities in Harbin, in northeast China’s Heilongjiang Province, said on Tuesday that they are pursuing three operatives affiliated with the U.S. National Security Agency (NSA) over suspected cyberattacks against China. The Harbin public security bureau said that the three operatives — Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson — had been ...
- Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
April 14, 2025
Slow Pisces (aka Jade Sleet, TraderTraitor, PUKCHONG) is a North Korean state-sponsored threat group primarily focused on generating revenue for the DPRK regime, typically by targeting large organizations in the cryptocurrency sector. This article analyzes their campaign that we believe is connected to recent cryptocurrency heists. In this campaign, Slow Pisces engaged with cryptocurrency developers on ...
- Password Spray Attacks Taking Advantage of Lax MFA
April 10, 2025
In the first quarter of 2025, Rapid7’s Managed Threat Hunting team observed a significant volume of brute-force password attempts leveraging FastHTTP, a high-performance HTTP server and client library for Go, to automate unauthorized logins via HTTP requests. This rapid volume of credential spraying was primarily designed to discover and compromise accounts not properly secured by multi-factor ...
- Operation Endgame follow-up leads to five detentions and interrogations as well as server takedowns
April 9, 2025
Following the massive botnet takedown codenamed Operation Endgame in May 2024, which shut down the biggest malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee, law enforcement agencies across North America and Europe dealt another blow to the malware ecosystem in early 2025. In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated ...
- Hackers to Target Elon Musk For a ‘Full Month’
April 8, 2025
A group of hackers that previously targeted President Donald Trump has pledged to take aim at Elon Musk for the next month. DonRoad Team, which previously claimed responsibility for taking down several Trump-associated websites, announced Monday it would begin hitting sites linked to Elon Musk. Elon Musk has increasing become a target of backlash as a result ...
- Attackers distributing a miner and the ClipBanker Trojan via SourceForge
April 8, 2025
Recently, Kaspersky researchers noticed a rather unique scheme for distributing malware that exploits SourceForge, a popular website providing software hosting, comparison, and distribution services. The site hosts numerous software projects, and anyone can upload theirs. One such project, officepackage, on the main website sourceforge. net, appears harmless enough, containing Microsoft Office add-ins copied from a legitimate ...