The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)— (“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware.
This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Cybersecurity Demands a Military Mindset
June 21, 2017
American corporations have a high degree of cybersecurity risk awareness, and yet many enterprises, especially in non-regulated sectors, fall short in their cybersecurity stance. This is mainly because executives see security as an ROI-less investment mandated by regulation. Even worse, executives suffer from two psychological biases: “We haven’t suffered a breach this year, so no need ...
- U.S. Government Embraces Automated Cybersecurity
June 16, 2017
Agencies in the federal government are working to develop tools and software that would automate cybersecurity – essentially, an effort to remove human error from the equation. A new report out by NextGovdetails the automation effort, and why these tools aren’t yet ready for government-wide deployment. Much of the cybersecurity efforts in government currently, revolve around ...
- Brit hacker admits he siphoned info from US military satellite network
June 16, 2017
A UK-based computer hacker has admitted stealing hundreds of usernames and email addresses from a US military communications system. Sean Caffrey, 25, of Sutton Coldfield in the West Midlands, broke in and pinched the ranks, usernames and email addresses of more than 800 users of a satellite communications system and of about 30,000 satellite phones, back ...
- US Warns of ‘DeltaCharlie’ – A North Korean DDoS Botnet Malware
June 14, 2017
The United States government has released a rare alert about an ongoing, eight-year-long North Korean state-sponsored hacking operation. The joint report from the FBI and U.S. Department of Homeland Security (DHS) provided details on “DeltaCharlie,” a malware variant used by “Hidden Cobra” hacking group to infect hundreds of thousands of computers globally as part of its ...
- New SEC enforcement chiefs see cyber crime as biggest market threat
June 9, 2017
Hackers are increasingly breaking into brokerage accounts to steal assets or make illegal trades, prompting U.S. securities regulators to start tracking cyber crimes more closely, two newly appointed enforcement officials said in an interview on Thursday. On Thursday, the U.S. Securities and Exchange Commission named Stephanie Avakian and Steven Peikin as new co-directors of enforcement. In an ...
- Federal task force: Here’s how to fix healthcare cybersecurity
June 6, 2017
A federal task force released its long-awaited cybersecurity recommendations report Friday evening. The far-reaching report from the Health Care Industry Cybersecurity Task Force was mandated by the Cybersecurity Act of 2015. The task force convened 21 wide-ranging stakeholders in medical cybersecurity, ranging from device manufacturers to hospitals to consumer advocates. Workforce issues are the “most foundational problem” for ...