The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring) ransomware (“Ghost”) IOCs and TTPs identified through FBI investigation as recently as January 2025. In early 2021, Ghost actors began attacking victims whose internet-facing services ran outdated versions of software and firmware.
This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.
Source: U.S. Federal Bureau of Investigation Cyber Division

