The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)— (“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware.
This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- NSA Admits They’re Reviewing Government Use of Kaspersky Software
May 13, 2017
Kaspersky Lab is stuck in the middle of a rather nasty fight between Washington and Moscow as the Russian-based anti-virus provider is being investigated by the US intelligence agencies. Following news that US officials were more and more concerned about how Russian spies could use Kaspersky’s software to spy on Americans and sabotage US systems, the ...
- Wikileaks Unveils CIA’s Man-in-the-Middle Attack Tool
May 5, 2017
Wikileaks has published a new batch of the Vault 7 leak, detailing a man-in-the-middle (MitM) attack tool allegedly created by the United States Central Intelligence Agency (CIA) to target local networks. Since March, WikiLeaks has published thousands of documents and other secret tools that the whistleblower group claims came from the CIA. This latest batch is the ...
- Air Force knocking down stovepipes to shore up space cybersecurity
May 3, 2017
Cybersecurity is a growing concern for everyone who relies computers. The U.S. Air Force Space and Missile Systems Center (SMC) faces unique challenges, however, because it uses an extensive array of ground systems that in some cases are decades old to communicate with the individual satellites and constellations the U.S. military relies on during peacetime ...
- Pentagon Challenges White Hats with New “Hack the Air Force” Bug Bounty Program
April 27, 2017
The Pentagon is launching its largest bug bounty project thus far, this time asking hackers to find flaws in the Air Force’s platforms. “Hack the Air Force” will be open not only to experts in the United States but also from the United Kingdom, Canada, Australia, and New Zealand, or, in other words, what we’ve come ...
- DOE releases results of energy cybersecurity emergency exercise
April 25, 2017
The U.S. Department of Energy (DOE) recently released the findings and recommendations from Liberty Eclipse, a multi-state cyber-energy preparedness exercise hosted by DOE and the National Association of State Energy Officials (NASEO) in December 2016. The exercise simulated a cyber attack on the energy infrastructure, including electricity, gasoline, jet fuel, heating oil, and other energy services, ...
- NSA’s DoublePulsar Kernel Exploit In Use Internet-Wide
April 24, 2017
If you’re on a red team or have been on the receiving end of a pen-test report from one, then you’ve almost certainly encountered reports of Windows servers vulnerable to Conficker (MS08-067), which has been in the wild now for nearly 10 years since the bug was patched. A little more than two weeks after the ...