The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)— (“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware.
This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- US seizes $6 million from REvil ransomware, arrest Kaseya hacker
November 8, 2021
The United States Department of Justice today has announced charges against a REvil ransomware affiliate responsible for the attack against the Kaseya MSP platform on July 2nd and seizing more than $6 million from another REvil partner. The suspect is 22-year old Ukrainian national Yaroslav Vasinskyi, arrested for cybercriminal activity on October 8 at the behest ...
- INTERPOL-led operation takes down prolific cybercrime ring
November 5, 2021
SEOUL, Korea – A 30-month transcontinental investigation and operation has resulted in arrests and Red Notices for suspects believed to be behind a global malware crime network. Two Red Notices, which are internationally wanted persons alerts, have been circulated to INTERPOL’s 194 member countries following a request by Korea’s cybercrime investigation division via INTERPOL’s National Central ...
- CISA Binding Operational Directive 22-01 – Reducing the Significant Risk of Known Exploited Vulnerabilities
November 3, 2021
A binding operational directive is a compulsory direction to federal, executive branch, departments and agencies for purposes of safeguarding federal information and information systems. Section 3553(b)(2) of title 44, U.S. Code, authorizes the Secretary of the Department of Homeland Security (DHS) to develop and oversee the implementation of binding operational directives. Federal agencies are required to comply ...
- US sanctions NSO Group, Israeli spyware company at centre of Pegasus Papers
November 3, 2021
The US is sanctioning an Israeli spyware company that it accused of supplying technology to foreign governments “to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers”. NSO Group had been accused of assisting despotic regimes in targeting journalists, political dissidents, and human rights activists in reports earlier this year. The company responded at the ...
- ‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks
November 3, 2021
A new-ish threat actor sometimes known as “Tortilla” is launching a fresh round of ProxyShell attacks on Microsoft Exchange servers, this time with the aim of inflicting vulnerable servers with variants of the Babuk ransomware. Cisco Talos researchers said in a Wednesday report that they spotted the malicious campaign a few weeks ago, on Oct. 12. Tortilla, ...
- Medical school exposes personal data of thousands of students
November 3, 2021
A US medical training school exposed the personally identifiable information (PII) of thousands of students. On Wednesday, vpnMentor published a report on the security incident, in which an unsecured bucket was left exposed online. The server, which did not have authentication controls in place and was, therefore, accessible by anyone to view, contained 157GB of data, or ...