The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)— (“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware.
This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- CISA Awards $2 Million To Bring Cybersecurity Training To Rural Communities And Diverse Populations
October 20, 2021
WASHINGTON – As part of its mission to recruit diverse cybersecurity talent and build the workforce of the future, the Cybersecurity and Infrastructure Security Agency (CISA) has awarded $2 million to two innovative organizations for development of cyber workforce training programs. The NPower and CyberWarrior organizations, which received the awards, will focus on the unemployed ...
- Joint CISA, FBI and NSA Cybersecurity Advisory – BlackMatter Ransomware
October 18, 2021
This joint Cybersecurity Advisory was developed by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) to provide information on BlackMatter ransomware. Since July 2021, BlackMatter ransomware has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture Sector organizations. This advisory provides information ...
- Sinclair Confirms Ransomware Attack That Disrupted TV Stations
October 18, 2021
Sinclair Broadcast Group, which owns hundreds of local television stations across the U.S., confirmed Monday that it has suffered a ransomware attack. The incident is disrupting its advertising operations, among other things, and spread to many of its owned TV affiliates over the weekend, knocking local broadcast feeds off the air. The cyberattack disrupted the company’s ...
- Ongoing Cyber Threats to U.S. Water and Wastewater Systems
October 14, 2021
This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) to highlight ongoing malicious cyber activity—by both known and unknown actors—targeting the information technology (IT) and operational technology (OT) networks, systems, and ...
- Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors
October 11, 2021
DEV-0343 is a new activity cluster that the Microsoft Threat Intelligence Center (MSTIC) first observed and began tracking in late July 2021. MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on US and Israeli defense technology companies, Persian Gulf ports of entry, or global maritime ...
- US schools gave kids laptops during the pandemic. Then they spied on them
October 11, 2021
When the pandemic started last year, countless forms of inequality were exposed – including the millions of American families who don’t have access to laptops or broadband internet. After some delays, schools across the country jumped into action and distributed technology to allow students to learn remotely. The catch? They ended up spying on students. ...