The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)— (“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware.
This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- APT40 Advisory PRC MSS tradecraft in action
July 8, 2024
The PRC state-sponsored cyber group has previously targeted organisationsin various countries, including Australia and the United States, and the techniques highlighted below are regularly used by other PRC state-sponsored actors globally. Therefore, the authoring agencies believe the group, and similar techniquesremain a threat to their countries’ networks as well. The authoring agencies assess that this group ...
- Yet another top US healthcare service provider has been hacked, with patient data exposed
July 4, 2024
Following the likes of ChangeHealthcare, Kaiser, Cencora, and several others during the past few months, another major US healthcare service has reported suffering a cyberattack that resulted in the theft of sensitive patient data. This latest victim is HealthEquity, which was on the receiving end of an apparent supply chain attack. In an 8-K form, filed ...
- Europol coordinates global action against criminal abuse of Cobalt Strike
July 3, 2024
Law enforcement has teamed up with the private sector to fight against the abuse of a legitimate security tool by criminals who were using it to infiltrate victims’ IT systems. Older, unlicensed versions of the Cobalt Strike red teaming tool were targeted during a week of action coordinated from Europol’s headquarters between 24 and 28 June. ...
- Apple IDs Targeted in US Smishing Campaign
July 2, 2024
Phishing actors continue to target Apple IDs due to their widespread use, which offers access to a vast pool of potential victims. These credentials are highly valued, providing control over devices, access to personal and financial information, and potential revenue through unauthorized purchases. Additionally, Apple’s strong brand reputation makes users more susceptible to trusting deceptive communications ...
- DHS Announces $18.2 Million In First-Ever Tribal Cybersecurity Grant Program Awards
July 1, 2024
WASHINGTON — Today, the Department of Homeland Security (DHS), through the Federal Emergency Management Agency (FEMA) and the Cybersecurity and Infrastructure Security Agency (CISA), announced more than $18.2 million in Tribal Cybersecurity Grant Program (TCGP) awards to assist Tribal Nations with managing and reducing systemic cyber risk and threats. These are the first-ever Tribal Cybersecurity Grants ...
- The US Wants to Integrate the Commercial Space Industry With Its Military to Prevent Cyber Attacks
June 29, 2024
The US military recently launched a groundbreaking initiative to strengthen ties with the commercial space industry. The aim is to integrate commercial equipment into military space operations, including satellites and other hardware. This would enhance cybersecurity for military satellites. As space becomes more important to the world’s critical infrastructure, the risk increases that hostile nation-states will ...