Tag Archive for: blamed

UnitedHealth Blamed ‘Nation-State’ Threat in Hack That Disrupted Pharmacy Orders


(Bloomberg) — A cyberattack against a division of UnitedHealth Group Inc. has caused a nationwide outage of a computer network that’s used to transmit data between health-care providers and insurance companies, rendering some pharmacies unable to process prescriptions, according to the company and reports from affected organizations.

UnitedHealth found a “suspected nation-state associated cyber security threat actor” had access to subsidiary Change Healthcare’s systems on Feb. 21, prompting the company to disconnect them from other parties, the company said in a filing Thursday.

UnitedHealth, the country’s largest health insurer, said in a statement Thursday that the cyberattack and related “network interruption” only impacted Change Healthcare and that all its other systems are operational. Change Healthcare is a key intermediary in the $1.5 trillion US health insurance market.

UnitedHealth is working with law enforcement and security experts but can’t say when the service will be restored, according to the filing. The company hasn’t determined that the attack is likely to affect its financial results, it said.

“Change Healthcare is experiencing a cybersecurity issue, and our experts are working to address the matter,” the Minnetonka, Minnesota-based company said earlier in a statement on its website. “Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect our systems to prevent further impact.”

The incident is the latest in a series of attacks where hackers have compromised providers of back-end IT software and services — companies that are often little-known outside of their industries yet play critical roles in the normal functioning of everything from financial markets to government services — and triggered cascading disruptions across their customer bases.

Last month, for example, a ransomware attack against Tietoevry Oyj, a Finnish information technology company, crippled payroll and other services for government agencies and hospitals, retailers, cinemas and other customers throughout Sweden. Three days later, a ransomware…

Montenegro wrestles with massive cyberattack, Russia blamed


PODGORICA, Montenegro — At the government headquarters in NATO-member Montenegro, the computers are unplugged, the internet is switched off and the state’s main websites are down. The blackout comes amid a massive cyberattack against the small Balkan state which officials say bears the hallmark of pro-Russian hackers and its security services.

The coordinated attack that started around Aug. 20 crippled online government information platforms and put Montenegro’s essential infrastructure, including banking, water and electricity power systems, at high risk.

The attack, described by experts as unprecedented in its intensity and the longest in the tiny nation’s recent history, capped a string of cyberattacks since Russia invaded Ukraine in which hackers targeted Montenegro and other European nations, most of them NATO members.

Sitting at his desk in Montenegro’s capital, Podgorica, in front of a blackened PC screen, Defense Minister Rasko Konjevic said government officials were advised by cyber experts, including a team of FBI investigators that was dispatched to the Balkan state, to go offline for security reasons.

“We have been faced with serious challenges related to the cyberattack for about 20 days, and the entire state system, the system of state administration, and the system of services to citizens are functioning at a rather restrictive level,” Konjevic told The Associated Press.

He said experts from several countries are trying to help restore the Montenegro government’s computer system and find proof of who is behind the attack.

Montenegro officials said the attack that crippled the government’s digital infrastructure was likely carried out by a Russian-speaking ransomware gang that generally operates without Kremlin interference as long as it doesn’t target Russian allies. The gang, called Cuba ransomware, claimed responsibility for at least part of the Montenegro cyberattack, in which it created a special virus for the attack called Zerodate.

Montenegro’s Agency for National Security blamed the attack squarely on Russia.

Russia has a strong motive for such an attack because Montenegro, which it once considered a strong ally, joined NATO in 2017 despite the…

Ransomware attack blamed for closure of all 7-Eleven stores in Denmark


Ransomware is to blame for the closure of all 175 7-Eleven stores in Denmark on Monday.

The retailer closed all of its stores in Denmark after its cash registers and payment systems were brought down in the attack.

Initially, 7-Eleven’s Danish division did not say that ransomware was responsible for its problems, simply describing the incident as a “hacker attack”:

“We suspect that we have been the victim of a hacker attack today. We can’t use the cash registers nor accept payments. We are therefore closed until we know the extent of the attack.”

Jesper Østergaard, the CEO of 7-Eleven Denmark, told a local TV station that the first indication that the company had been targeted by hackers came when staff reported that they were unable to process payments:

“The cash registers just stopped working in all the stores and the employees started letting us know. That has never happened before.”

As Bleeping Computer reports, the company has since confirmed that it was targeted by a ransomware attack, and that it is working with police investigators. Many of 7-Eleven’s stores in Denmark have since reopened.

7-Eleven Denmark is not sharing much in the way of technical detail regarding the attack, which means that not only do we not know what family of ransomware might have caused the disruption but we also do not know how it might have entered the organisation in the first place.

For instance, is it possible that all of the country’s 7-Eleven stores were seemingly impacted simultaneously because they were all reliant on the same technology – perhaps provided by a supplier who might themselves have been compromised?

In addition, there is no public word – as yet – about whether the attackers have made any ransom demands, and what 7-Eleven’s position is (Read more…)

US offers bounty for Sandworm, the Russian hackers blamed for destructive cyberattacks


The U.S. government has stepped up its hunt for six Russian intelligence officers, best known as the state-backed hacking group dubbed “Sandworm,” by offering a $10 million bounty for information that identifies or locates its members.

The Sandworm hackers — who work for a division of Russia’s GRU, the country’s military intelligence division — are known for launching damaging and destructive cyberattacks against critical infrastructure, including food supplies and the energy sector.

Sandworm may be best known for the NotPetya ransomware attack in 2017, which primarily hit computer systems in Ukraine and disrupted the country’s power grid, leaving hundreds of thousands of residents without electricity during the depths of winter. In 2020, U.S. prosecutors indicted the same six Sandworm hackers, who are believed to still be in Russia, for the NotPetya attack, as well as several other attacks that targeted the 2018 PyeongChang Winter Olympics in South Korea and for running a hack-and-leak operation to discredit France’s then-presidential frontrunner Emmanuel Macron.

In a statement this week, the U.S. State Department said the NotPetya attack spilled outside of Ukraine across the wider internet, resulting in close to $1 billion in losses to the U.S. private sector, including medical facilities and hospitals.

The timing of the bounty comes as U.S. officials warn that Russia-backed hackers, including Sandworm, could be preparing damaging cyberattacks that target businesses and organizations in the United States following Russia’s invasion of Ukraine.

Since the start of the invasion in February, security researchers have attributed several cyberattacks to Sandworm, including the use of “wiper” malware to degrade Viasat’s satellite network that the Ukrainian military heavily relies on. Ukraine’s government said earlier this month it had disrupted another Sandworm attempt to target a Ukrainian energy provider using malware it repurposed from cyberattacks it launched against Ukraine in 2016.

The FBI also this month said it conducted an operation to disrupt a massive botnet that infected thousands of compromised routers, including many located in the U.S., by locking…
