The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)— (“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware.
This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Coverage Advisory for CVE-2023-50164: Apache Struts Path Traversal and File Upload Vulnerability
December 18, 2023
CVE-2023-50164 is a path traversal flaw that allows a remote attacker to upload malicious files to vulnerable servers. After successful exploitation, an attacker can achieve Remote Code Execution (RCE) on the target server. An attacker exploiting such a vulnerability can access, upload, or modify important files, steal sensitive information, disrupt critical services, or move laterally on ...
- #StopRansomware: Play Ransomware
December 18, 2023
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) are releasing this joint CSA to disseminate the Play ransomware group’s IOCs and TTPs identified through FBI investigations as recently as October 2023. Since June 2022, the Play (also known as Playcrypt) ransomware group ...
- Defense Contractor Austal USA Confirms a Cyber Attack by Hunters International Ransomware Group
December 15, 2023
Australian-based American defense contractor Austal USA has confirmed a cyber attack after the Hunters International ransomware group listed the company and shared samples of the stolen data as proof. Austal USA is a Contractor for the US Department of Defense (DOD) and the Department of Homeland Security (DHS), undertaking major U.S. Navy shipbuilding programs. With five ...
- USAF cracks down on ‘need to know’ violations in wake of Discord leaks
December 12, 2023
Just because you’re cleared for secrets doesn’t mean you have a “need to know” them. After hundreds of classified documents were leaked earlier this year, the U.S. Air Force is trying to ensure that airmen clear both bars before they access sensitive information. The service has “implemented several reforms to improve procedures related to need to ...
- Russian diplomat accuses West of patronizing Ukrainian IT army that commits cybercrime
December 12, 2023
The US-led West supervises Ukraine’s so-called IT army that may be responsible for cybercrime, Russia’s representative Irina Tyazhlova said on Monday. Addressing a meeting of the UN Open-ended Working Group (OEWG) on security of and in the use of information and telecommunication technologies (ICTs), she said: “Other numerous malicious activities with the use of ICTs were ...
- US healthcare giant Norton says hackers stole millions of patients’ data during ransomware attack
December 11, 2023
Kentucky-based nonprofit healthcare system Norton Healthcare has confirmed that hackers accessed the personal data of millions of patients and employees during an earlier ransomware attack. Norton operates more than 40 clinics and hospitals in and around Louisville, Kentucky, and is the city’s third-largest private employer. The organization has more than 20,000 employees, and more than 3,000 ...