The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)— (“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware.
This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- US to offer cyberwar capabilities to NATO allies
October 4, 2018
Acting to counter Russia’s aggressive use of cyberattacks across Europe and around the world, the U.S. is expected to announce that, if asked, it will use its formidable cyberwarfare capabilities on NATO’s behalf, according to a senior U.S. official. The announcement is expected in the coming days as U.S. Defense Secretary Jim Mattis attends a meeting of NATO defense ministers ...
- Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
September 24, 2018
The Pennsylvania Senate Democratic Caucus paid $703,697 to Microsoft to rebuild its IT infrastructure after suffering a ransomware infection in March 2017. The incident took place on March 3, 2017, when the organization’s entire IT systems, including its web servers, went down at the hands of a yet-to-be-revealed ransomware strain. The ransomware encrypted files and requested payment of ...
- US State Department confirms: Unclassified staff email boxes hacked
September 18, 2018
The US State Department has confirmed one of its email systems was attacked, potentially exposing the personal information of some of its employees. Uncle Sam’s officials said in a statement to The Register on Tuesday that “suspicious activity” in its email system led it to send out warnings to a number of employees whose personal information may have ...
- U.S. Ties Lazarus to North Korea and Major Hacking Conspiracy
September 6, 2018
The DoJ said a DPRK spy, Park Jin-hyok, was involved in “a conspiracy to conduct multiple destructive cyberattacks around the world.” The Justice Department has charged a North Korean man in the hacking of Sony Pictures Entertainment (SPE) in 2014 – as well as the global WannaCry attack last year that caused millions of dollars of ...
- House Passes Bill Expanding DHS’ Power to Block Risky Contractors from Government Networks
September 5, 2018
The House passed legislation Tuesday that would dramatically broaden the Homeland Security Department’s power to block contractors and subcontractors that officials determine present cybersecurity and national security risks to the department’s technology supply chain. The bill, which is modeled on an authority already granted to the Defense Department, comes after Congress took action in the past ...
- Five Eyes governments get even tougher on encryption
September 2, 2018
“The governments of the United States, the United Kingdom, Canada, Australia, and New Zealand are committed to personal rights and privacy, and support the role of encryption in protecting those rights,” began a document agreed to last week. Sounds good. But wait. The government ministers who met on Australia’s Gold Coast last week went on to ...