The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)— (“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware.
This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- connect:ID 2018 reveals exciting new plans to put next-generation identity solutions in the spotlight
September 12, 2017
connect:ID will be held April 30 – May 2, 2018 at the Walter E. Washington Convention Center, Washington, DC. A rapidly expanding event, connect:ID is expected to attract 1,300 identity professionals and 100+ industry and government exhibitors. This year, connect:ID will introduce a new Start-up Zone, where young identity businesses can gain vital exposure to high-level buyers and ...
- Russian cybersecurity firm Kaspersky Lab a ‘danger’ to US security, senator warns
September 5, 2017
Prominent cybersecurity firm Kaspersky Lab poses a danger to U.S. security, warns Sen. Jeanne Shaheen, D-N.H., who is pushing to prohibit the federal government from using the Moscow-based company’s products. In a New York Times column, Shaheen alleges that the company has “extensive” ties to Russian intelligence, noting that the firm’s founder Eugene Kaspersky graduated from the ...
- Military Contractor’s Vendor Leaks Resumes in Misconfigured AWS S3
September 5, 2017
Thousands of resumes and job applications containing the personal information of U.S. veterans, many with top secret clearances, and law enforcement officers were left exposed in an Amazon Web Services S3 bucket, continuing a trend where poorly configured cloud-storage services are putting people at risk. The applicants were seeking employment with a private military contractor from ...
- FDA Recalls Nearly Half a Million Pacemakers Over Hacking Fears
August 31, 2017
Almost half a million people in the United States are highly recommended to get their pacemakers updated, as they are vulnerable to hacking. The Food and Drug Administration (FDA) has recalled 465,000 pacemakers after discovering security flaws that could allow hackers to reprogram the devices to run the batteries down or even modify the patient’s heartbeat, ...
- Pentagon Thinks Blockchain Technology Can be Used as Cybersecurity Shield
August 20, 2017
Just like any currency, Bitcoin has been involved in cases of money-laundering, drug transactions, and terrorism in previous years. However, it has also caught the Pentagon’s eyes as a potential cybersecurity shield. Why Blockchain technology? The US military has been open about their interest in Blockchain technology, so it’s no surprise that they may soon develop their own applications.. US defence analysts have previously ...
- Experts Unveil Cyber Espionage Attacks by CopyKittens Hackers
July 25, 2017
Security researchers have discovered a new, massive cyber espionage campaign that mainly targets people working in government, defence and academic organisations in various countries. The campaign is being conducted by an Iran-linked threat group, whose activities, attack methods, and targets have been released in a joint, detailed report published by researchers at Trend Micro and Israeli ...