The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)— (“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware.
This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- U.S. Nuclear Contractor Hit with Maze Ransomware, Data Leaked
June 4, 2020
A U.S. military contractor involved in the maintenance of the country’s Minuteman III nuclear arsenal has been hit by the Maze ransomware, according to reports – with the hackers making off with reams of sensitive information. The company, Westech International, has a range of contracts with the military for everything from ongoing evaluation for the ballistic ...
- NIST to Digital Forensics Experts: Show Us What You Got
June 2, 2020
First large-scale “black box” study will test the accuracy of computer and mobile phone forensics. Digital forensics experts often extract data from computers and mobile phones that may contain evidence of a crime. Now, researchers at the National Institute of Standards and Technology (NIST) will conduct the first large-scale study to measure how well those experts ...
- Amtrak discloses data breach, potential leak of customer account data
June 2, 2020
The National Railroad Passenger Corporation (Amtrak) has disclosed a data breach that may have resulted in the compromise of customer personally identifiable information (PII). The data breach was discovered on April 16, 2020. In a letter to the Attorney General’s Office of Vermont, made public on April 29, the rail service said that an unknown third party managed ...
- Mozilla, Twitter, Reddit join forces in effort to block browsing data from warrantless access
May 25, 2020
A group of seven internet companies are vowing to stand up for the privacy of its users this week when the United States House of Representatives considers the USA FREEDOM Reauthorization Act of 2020. Mozilla, Engine, Reddit, Reform Government Surveillance, Twitter, i2Coalition, and Patreon have asked four US legislators to explicitly prohibit the warrantless collection of internet ...
- Texas Courts Won’t Pay Up in Ransomware Attack
May 14, 2020
A ransomware attack has hit the information technology office that supports Texas appellate courts and judicial agencies, leading to their websites and computer servers being shut down. The office said that it will not pay the ransom requested by the cybercriminals. Specifically affected is the Office of Court Administration (OCA), which is the IT provider for ...
- SilverTerrier: New COVID-19 Themed Business Email Compromise Schemes
May 7, 2020
Focusing on one of the most active subsets of the global threat landscape, Palo Alto Networks Unit 42 tracks Nigerian cyber criminals involved in Business Email Compromise (BEC) activities under the name SilverTerrier. Over the past 90 days (Jan. 30 – Apr. 30), we have observed three SilverTerrier actors/groups launch a series of 10 COVID-19 themed ...