#StopRansomware: Ghost (Cring) Ransomware


The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring) (“Ghost”) ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning in early 2021, Ghost actors began attacking victims whose internet-facing services ran outdated versions of software and firmware.

This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.

Source: U.S. Federal Bureau of Investigation Cyber Division

