The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)— (“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware.
This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- US airline industry quietly selling flight data to DHS
June 11, 2025
A data broker owned by some of America’s biggest airlines has been selling access to customer flight data to the US Department of Homeland Security (DHS). The data, compiled by data broker Airlines Reporting Corporation (ARC), includes names, flight itineraries, and financial details. It also covers flights booked via US travel agencies. ARC makes this data ...
- US government’s vaccine website defaced with AI-generated content
June 11, 2025
A U.S. government website designed to inform the public about vaccines has been defaced and now hosts apparently AI-generated spam. The domain, which belongs to the U.S. Department of Health and Human Services (HHS), appears to have been hosting the same kind of content — mostly gay-themed and LGBTQ+ posts — since at least May 12, ...
- Major US grocery distributor warns of disruption after cyberattack
June 9, 2025
United Natural Foods (UNFI), a major distributor of groceries to Whole Foods and other retailers, said on Monday that it was hit by a cyberattack, warning of disruptions to its ability to fulfill and distribute customer orders. UNFI said in a Monday filing with the U.S. Securities and Exchange Commission that it became aware of unauthorized ...
- Texas: Drivers’ data compromised in TxDOT data breach of nearly 300,000 crash reports
June 6, 2025
The Texas Department of Transportation said it is reaching out to Texans whose personal data was compromised during a data breach that led to the improper download of nearly 300,000 crash reports. Personal data included in crash reports includes: full names, mailing and/or physical addresses, driver license numbers, license plate numbers, car insurance policy numbers and ...
- More than 3 million records, 12TB of data exposed in major app builder breach
June 5, 2025
Millions of records containing sensitive, personally identifiable information, were sitting online in yet another unencrypted, non-password-protected database, experts have warned. Found by security researcher Jeremiah Fowler, who discovered and reported his findings to vpnMentor, the database contained 3,637,107 records, and was 12.2TB in total size. It belongs to a company called Passion.io, a Delaware-based no-code app-building ...
- Ransomware gang claims responsibility for Kettering Health hack
June 4, 2025
A ransomware gang claimed responsibility for the hack on Kettering Health, a network of hospitals, clinics, and medical centers in Ohio. The healthcare system is still recovering two weeks after the ransomware attack forced it to shut down all its computer systems. Interlock, a relatively new ransomware group that has targeted healthcare organizations in the U.S. ...