Planned Parenthood of Montana’s chief exec says the org is responding to a cyber-attack on its systems, and has drafted in federal law enforcement and infosec professionals to help investigate and rebuild its IT environment.
This comes as ransomware crew RansomHub boasted it had broken into the nonprofit, and stolen its data, which it is threatening to leak unless payment is made. According to Martha Fuller, CEO and president of the US state’s Planned Parenthood office, a network intrusion – or a “cybersecurity incident” as the org put it – was spotted on August 28.
Read more…
Source: The Register
Related:
- New ‘Lightning Framework’ Linux malware installs rootkits, backdoors
July 21, 2022
A new and previously undetected malware dubbed ‘Lightning Framework’ targets Linux systems and can be used to backdoor infected devices using SSH and deploy multiple types of rootkits. Described as a “Swiss Army Knife” in a report published today by Intezer, Lightning Framework is a modular malware that also comes with support for plugins. Read more… Source: Bleeping ...
- LockBit: Ransomware Puts Servers in the Crosshairs
July 20, 2022
LockBit affiliates using servers to spread ransomware throughout networks. Symantec, a division of Broadcom Software, has observed threat actors targeting server machines in order to spread the LockBit ransomware threat throughout compromised networks. In one attack observed by Symantec, LockBit was seen identifying domain-related information, creating a Group Policy for lateral movement, and executing a “gpupdate /force” ...
- Luna and Black Basta – new ransomware for Windows, Linux and ESXi
July 20, 2022
In Kaspersky crimeware reporting service, they analyze the latest crime-related trends we come across. If Kaspersky look back at what they covered last month, they will see that ransomware (surprise, surprise!) definitely stands out. In this blog post, Kaspersky researchers provide several excerpts from last month’s reports on new ransomware strains. Last month, Kaspersky Darknet Threat ...
- Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data
July 20, 2022
The use of legitimate Windows tools as part of malicious actors’ malware arsenal has become a common observation in cyber incursions in recent years. We’ve discussed such use in a previous article where PsExec, Windows Management Instrumentation (WMI), simple batch files or third-party tools such as PC Hunter and Process Hacker were used to disable ...
- Hacking group ‘8220’ grows cloud botnet to more than 30,000 hosts
July 19, 2022
A cryptomining gang known as 8220 Gang has been exploiting Linux and cloud app vulnerabilities to grow their botnet to more than 30,000 infected hosts. The group is a low-skilled, financially-motivated actor that infects AWS, Azure, GCP, Alitun, and QCloud hosts after targeting publicly available systems running vulnerable versions of Docker, Redis, Confluence, and Apache. Previous attacks ...
- New CloudMensis malware backdoors Macs to steal victims’ data
July 19, 2022
Unknown threat actors are using previously undetected malware to backdoor macOS devices and exfiltrate information in a highly targeted series of attacks. ESET researchers first spotted the new malware in April 2022 and named it CloudMensis because it uses pCloud, Yandex Disk, and Dropbox public cloud storage services for command-and-control (C2) communication. CloudMensis’ capabilities clearly show that ...