Tag Archive for: attacked

WGRE Reports DePauw Attacked by Black Suit Ransomware Gang


Editor’s Note: This article was submitted by WGRE News Director Taylor Fleming. The DePauw gives WGRE full credit for this news piece.

DePauw’s cyber incident was an attack by the Black Suit ransomware gang. Black Suit claims to have stolen two-hundred fourteen gigabytes of data. The gang operates by stealing and encrypting data on a compromised network. This story was originally reported by The Record, a news organization run by cybersecurity firm Recorded Future. Last week, DePauw notified many students and parents that their Social Security numbers and other personal information may have been stolen by an unauthorized third party. This third party has turned out to be Black Suit. According to the US government’s Health Sector Cybersecurity Coordination Center, Black Suit is a relatively new ransomware group that was discovered in early May 2023. However, Black Suit is likely linked to another ransomware group called Royal. Royal was the direct successor of defunct Russian hacker group Conti. The FBI has been assisting DePauw University as it navigates this attack. DePauw has offered impacted students one year of free identity protection services. DePauw University found out about the cyber attack on October 31.


WhatsApp Spy Mod Malware Attacked Telegram Users Over 340K Times In Oct – BW Businessworld


A malware named “WhatsApp spy mod” has attacked Telegram users more than 3.4 lakh times in October alone. This malware mainly targeted users who communicate in Arabic and Azeri, according to the cybersecurity firm Kaspersky.

The malware enters devices through third-party WhatsApp mod applications, which are generally used for additional features such as scheduled messages and customisable options.

As per the report, such mod applications also contain a malicious spyware module that can compromise users’ personal data. When installed, such mod WhatsApp applications allow the malware to run in the background and gather sensitive information from the infected device, including its IMEI number, phone number, country and network codes and more.

The malware can transfer data every five minutes. It can even record audio from a device’s microphone and steal data from external storage.

The highest number of attacks was recorded in Azerbaijan, Saudi Arabia, Yemen, Turkey and Egypt, although the malware also affected users from other countries, including the United States, Russia, the United Kingdom and Germany.



Foreign hackers attacked IT software to breach U.S. aeronautical organization


Sept. 9 (UPI) — Foreign hackers breached a U.S. aeronautical organization by exploiting vulnerabilities in IT software from the company Zoho, the U.S. government warned Thursday.

The U.S. Cybersecurity and Infrastructure Security Agency published a joint cybersecurity advisory Thursday warning of the threats with the FBI and U.S. Cyber Command.

“This [advisory] provides information on an incident at an Aeronautical Sector organization, with malicious activity occurring as early as January 2023,” CISA said in the statement Thursday.

CISA said the hackers, described as “nation-state advanced persistent threat actors,” had gained unauthorized access to the software Zoho ManageEngine ServiceDesk Plus. The exploited vulnerabilities are tracked as CVE-2022-47966 and CVE-2022-42475.

“Advance persistent threat actors often scan internet-facing devices for vulnerabilities that can be easily exploited and will continue to do so,” U.S. Cyber Command said in a separate release.

According to the industry publications The Hacker News and Bleeping Computer, the U.S. Cyber Command statement hinted at the involvement of Iranian hackers.

CISA advised all organizations that could be affected to report suspicious or criminal activity to the FBI.

In January, CISA added CVE-2022-47966 to its Known Exploited Vulnerabilities Catalog, which effectively ordered federal agencies to secure their systems against that vulnerability.

The North Korean state-backed hacker group Lazarus has been exploiting the same vulnerability since earlier this year.


Hacking group says it attacked Microsoft for Sudan; experts say Russia’s behind it


Mattias Wåhlén, a threat intelligence expert with Stockholm-based Truesec. (Erika Gerdemark/Bloomberg)

A hacking group responsible for a series of outages at Microsoft earlier this month had spent the previous months attacking targets in Israel, Sweden and other nations, part of an expanding campaign that some cybersecurity researchers have tied to Russia.

“Anonymous Sudan” describes itself as a hacktivist group and says it’s waging cyber strikes out of Africa on behalf of oppressed Muslims worldwide. The group claimed its June 5 distributed denial of service, or DDoS, attacks against Microsoft were retaliation for U.S. policy regarding Sudan’s military conflict. The U.S. is currently trying to broker a peace deal between warring factions.

Some cybersecurity experts have concluded that the group actually operates from Russia and hacks for an entirely different purpose: to advance Moscow’s objectives. “Anonymous Sudan is a Russian information operation that aims to use its Islamic credentials to be an advocate for closer cooperation between Russia and the Islamic world — always claiming that Russia is the Muslims’ friend,” said Mattias Wåhlén, a threat intelligence expert with Stockholm-based Truesec. “This makes them a useful proxy.”

Wåhlén led Truesec’s investigation of Anonymous Sudan and the firm’s February report identifying the group as a front for Russia, an assessment that was corroborated by other security experts who studied the group and its activities. In its few short months in existence, Anonymous Sudan has repeatedly used cyberattacks as a bludgeon to drive home a singular narrative: that the West is hostile to Islam, while Moscow is a friend to the Muslim world, he said.

A representative for Anonymous Sudan denied to Bloomberg News that the group was acting on Russia’s behalf but said their interests were aligned. Anonymous Sudan goes after “everything that is hostile to Islam and all countries that are hostile to Islam are hostile to Russia,” the…
