The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)— (“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware.
This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- 9 months after the largest healthcare breach in history, UnitedHealth subsidiary back online
November 22, 2024
Change Healthcare—a subsidiary of the global health company UnitedHealth Group — has restored its medical billing services nine months after suffering an unprecedented ransomware attack that left providers with serious cashflow problems, threatened access to care, and leaked sensitive information onto the dark web. Change Healthcare, one of the largest health payment processing companies in the ...
- Elon Musk to British MPs: I’ll summon you, actually
November 21, 2024
Elon Musk is beefing with British politicians again — and they’re not impressed. The X owner and Donald Trump ally brushed off a call from the House of Commons’ science and technology committee to answer questions on his role in riots that swept the U.K. this summer. Committee chair Chi Onwurah told POLITICO this week that ...
- US charges five in ‘Scattered Spider’ hacking scheme
November 20, 2024
U.S. prosecutors unveiled criminal charges on Wednesday against five alleged members of Scattered Spider, a loose-knit community of hackers suspected of breaking into dozens of U.S. companies to steal confidential information and cryptocurrency. Martin Estrada, the U.S. Attorney in Los Angeles, said the defendants conducted phishing attacks by sending bogus but real-looking mass text messages to ...
- Ex-South Korean defence chief, officials accused of THAAD data leak to China
November 20, 2024
A former South Korean defence minister and three other senior officials who served in the previous Moon Jae-in administration have been accused of leaking intelligence on a US-built missile system to activists and China. The state auditor alleged that Jeong Kyeong-doo, ex-national security adviser Chung Eui-yong and two high-ranking officers passed information on the Terminal High ...
- Space tech giant Maxar confirms hacker accessed employees’ personal data
November 18, 2024
U.S. space technology and satellite giant Maxar has confirmed a data breach involving the personal information of its employees, according to a filing with state regulators. The Colorado-headquartered Maxar operates imaging satellites and manufactures spacecraft, and claims to operate one of the largest commercial satellite constellations on orbit. Maxar has long been a significant provider of ...
- Philippines, US sign military intelligence-sharing deal to counter China
November 18, 2024
The Philippines and the United States have signed a military intelligence-sharing deal, in a further deepening of security ties between the two defence treaty allies as they seek to counter a resurgent China. Secretary of Defense Gilberto Teodoro and his visiting US counterpart Lloyd Austin signed the agreement on Monday during a ceremony at the Department ...