The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring) (“Ghost”) ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early 2021, Ghost actors began attacking victims whose internet-facing services ran outdated versions of software and firmware.
This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.
Source: U.S. Federal Bureau of Investigation Cyber Division

