The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)— (“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware.
This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- U.S. Government Attributes Cyberattacks on SATCOM Networks to Russian State-Sponsored Malicious Cyber Actors
May 10, 2022
CISA and the Federal Bureau of Investigation (FBI) have updated the joint cybersecurity advisory, Strengthening Cybersecurity of SATCOM Network Providers and Customers, originally released March 17, 2022, with U.S. government attribution to Russian state-sponsored malicious cyber actors. The United States assesses Russia launched cyberattacks in late February against commercial satellite communications networks to disrupt Ukrainian ...
- Biden signs cybercrime tracking bill into law
May 9, 2022
US President Joe Biden has signed into law a bill that aims to improve how the federal government tracks and prosecutes cybercrime. The Better Cybercrime Metrics Act, which Biden signed late last week, requires the Department of Justice to work with the National Academy of Sciences to develop a taxonomy that law enforcement can use to ...
- US offers $15m reward for information about Conti ransomware gang
May 9, 2022
The US government is offering up to $15 million for information about key leaders of the notorious Conti ransomware group and any individual participating in an attack using a variant of Conti’s malware. In its notice issued May 6, the US Department of State said the Conti ransomware variant was the costliest strain of ransomware on ...
- Former Twitter employees charged with spying for Saudi Arabia by digging into the accounts of kingdom critics
May 6, 2022
The Justice Department has charged two former Twitter employees with spying for Saudi Arabia by accessing the company’s information on dissidents who use the platform, marking the first time federal prosecutors have publicly accused the kingdom of running agents in the United States. One of those implicated in the scheme, according to court papers, is an ...
- White House: Quantum computers could crack encryption, so here’s what we need to do
May 5, 2022
The White House has announced a set of proposals for keeping the US ahead in the quantum computing race globally, while mitigating the risk of quantum computers that can break public-key cryptography. Quantum computers powerful enough to break public-key encryption are still years away, but when it happens, they could be a major threat to national ...
- FBI: Business Email Compromise – The $43 Billion Scam
May 4, 2022
This Public Service Announcement is an update and companion piece to Business Email Compromise PSA I-091019-PSA posted on www.ic3.gov. This PSA includes new Internet Crime Complaint Center complaint information and updated statistics from October 2013 to December 2021. DEFINITION Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform ...