The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)— (“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware.
This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- FBI: Criminal Actors Use Business Email Compromise to Steal Large Shipments of Food Products and Ingredients
December 15, 2022
The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) are releasing this joint Cybersecurity Advisory (CSA) to advise the Food & Agriculture sector about recently observed incidents of criminal actors using business email compromise (BEC) to steal shipments of food ...
- ‘Why wasn’t there a back-up plan?’: After One Brooklyn Health cyber attack, community leaders demand answers
December 15, 2022
Nearly a month after a cyber attack left the One Brooklyn Health system compromised, elected officials and medical professionals gathered outside of Brookdale Hospital Medical Center to call for additional resources — and to get the healthcare system’s three hospitals back online. “I am asking for resources and answers into this cyber attack that has crippled ...
- Sting op takes down 50 DDoS-for-hire domains
December 15, 2022
Police around the globe have seized as many as 50 internet domains said to be involved in tens of millions of distributed-denial-of-service (DDoS) attacks worldwide. Seven people were collared during the swoop. The so-called “booter” websites sold “some of the world’s leading DDoS-for-hire services,” allowing paying customers to launch these networking-flooding cyberattacks against chosen victims, according ...
- California Department of Finance dealing with cybersecurity incident; no state funds compromised
December 12, 2022
An investigation is underway after a cybersecurity incident involving the California Department of Finance. The California Cyber Security Integration Center (Cal-CSIC) confirmed the incident on Monday but offered few specifics. Officials did note, however, that no state funds had been compromised. Read more… Source: MSN News
- UK arrests five for selling ‘dodgy’ point of sale software
December 12, 2022
Tax authorities from Australia, Canada, France, the UK and the USA have conducted a joint probe into “electronic sales suppression software” – applications that falsify point of sale data to help merchants avoid paying tax on their true revenue. A Friday announcement from the Joint Chiefs of Global Tax Enforcement (known as the J5), states that ...
- US Health Dept warns of Royal Ransomware targeting healthcare
December 8, 2022
The U.S. Department of Health and Human Services (HHS) issued a new warning today for the country’s healthcare organizations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang. The Health Sector Cybersecurity Coordination Center (HC3) —HHS’ security team— revealed in a new analyst note published Wednesday that the ransomware group has been behind ...