The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)— (“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware.
This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- US imposes fresh sanctions over Iranian arms, cyber activity
February 2, 2024
The United States on Friday imposed sanctions targeting Iran’s ballistic missile and drone procurement programmes as well as officials it said were involved in hacking US infrastructure, as Washington looks to increase pressure on Tehran. The US Treasury Department said in a statement on Friday it had imposed sanctions on four Iran- and Hong Kong-based companies ...
- Former CIA employee sentenced to 40 years in prison after carrying out largest data leak in agency’s history
February 1, 2024
A former CIA employee was sentenced to 40 years in prison after carrying out the largest data leak in the agency’s history, the US Attorney’s Office of the Southern District of New York announced Thursday. Joshua Schulte – who was accused of handing over reams of classified data to WikiLeaks in 2016 – was convicted in ...
- Series of cyber attacks risks sensitive data at New Jersey schools, hospitals
January 30, 2024
Class was canceled Monday across the Freehold Township school district, but not for the familiar January troubles of slushy roads, frozen pipes or a busted boiler. No, this was “a cybersecurity event” that ground school business to a halt. District officials disclosed little about what happened, assuring parents in an email they “retained outside IT expert consultants ...
- The NSA buys Americans’ internet data, newly released documents show
January 26, 2024
The National Security Agency has been buying Americans’ web browsing data from commercial data brokers without warrants, intelligence officials disclosed in documents made public by a US senator Thursday. The purchases include information about the websites Americans visit and the apps that they use, said Oregon Democratic Sen. Ron Wyden, releasing newly unclassified letters he received ...
- Kansas City Area Transit Authority hit by ransom cyber-attack, affecting communications
January 26, 2024
The Kansas City Area Transit Authority announced this week that is was hit by a ransom cyber-attack. The incident was reported on Tuesday, Jan. 23. KCATA said all service is operating, including fixed-route buss, Freedom and Freedom-On-Demand paratransit service. KCATA said at this time regional RideKC call centers can’t receive calls or can any KCATA landline. Read ...
- HP Enterprise was hacked by the same Russian state-sponsored group that targeted Microsoft
January 25, 2024
HP Enterprise was infiltrated by a hacking group linked to Russian intelligence last year, the business IT company has revealed in a Securities and Exchange Commission filing. The threat actor is believed to be Midnight Blizzard, also known as Cozy Bear, which was the same group that recently breached the email accounts of several senior executives ...