The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)— (“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware.
This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Ukrainian gets five years for helping North Koreans secure US tech jobs
February 20, 2026
Ukrainian national Oleksandr Didenko will spend the next five years behind bars in the US for his involvement in helping North Korean IT workers secure fraudulent employment. The 29-year-old played a role in supporting individuals working for a hostile regime to get contracts in the US. In November 2025, Didenko pleaded guilty to wire fraud and ...
- FBI: Increase in malware enabled ATM jackpotting incidents across United States
February 19, 2026
The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) and technical details associated with malware enabled ATM jackpotting. Threat actors exploit physical and software vulnerabilities in ATMs and deploy malware to dispense cash without a legitimate transaction. The FBI has observed an increase in ATM jackpotting incidents across the ...
- You can jailbreak an F-35 just like an iPhone, says Dutch defense chief
February 18, 2026
Lockheed Martin’s F-35 fighter aircraft can be jailbroken “just like an iPhone,” the Netherlands’ defense secretary has claimed. Gijs Tuinman made the comments during a podcast interview after being asked whether the aircraft’s software could be modified by European forces without permission from the US should it withdraw as an ally. “The F-35 is truly a ...
- China remains embedded in US energy networks ‘for the purpose of taking it down’
February 17, 2026
Three new threat groups began targeting critical infrastructure last year, while a well-known Beijing-backed crew – Volt Typhoon – continued to compromise cellular gateways and routers, and then break into US electric, oil, and gas companies in 2025, according to Dragos’ annual threat report published on Tuesday. Dragos specializes in operational technology (OT) security, and as ...
- US Department of Homeland Security reportedly sent hundreds of subpoenas seeking to unmask anti-ICE accounts
February 14, 2026
The Department of Homeland Security has been increasing pressure on tech companies to identify the owners of social media accounts that criticize Immigration and Customs Enforcement (ICE), according to The New York Times. This echoes other recent reporting, with Bloomberg pointing to five cases in which Homeland Security sought to identify the owners of anonymous Instagram ...
- Paris prosecutor’s cybercrime unit searches X office
February 3, 2026
French police raided the offices of Elon Musk’s social media network X on Tuesday and prosecutors ordered the tech billionaire to face questions in April in a widening investigation, amid growing scrutiny of the platform by authorities across Europe. France’s raid and the summoning of Musk — which could further increase tensions between Europe and the ...