You’re going to see some incredible media bias with the Synnovis ransomware incident as it impacts southern hospitals - whereas NHS Dumfries and Galloway are several months into their ongoing ransomware incident and barely any coverage. #threatintel
Reported 5 malicious #Python packages to #PyPI: numberpy, tqmmd, pandans, openpyexl, reqwestss all by the same user leemay1782.
All with the same "functionality": getting commands via a socket from dzgi0h7on1jhzdg0vknw9pp9309rxjl8.oastify[.]com and executing them.
I don't think I've seen the setup.py entry_points being used as a trigger mechanism before?
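A defender's triage check for the pattern described in this post, as an added example (not code from the post or from the packages it names): walk a package's setup.py with the ast module to pull out the entry_points it registers, then scan the package source for the socket and command-execution primitives that such a trigger would hand control to. Both the setup.py text and the module sources below are constructed stand-ins, and the "flag"/"ok" verdict is a heuristic for what to pull for manual review, not a malware classifier.

```python
"""Static triage of a PyPI sdist: entry_points plus socket/exec primitives.

Added example for reviewers of suspicious packages; all sample sources are
constructed and do not reproduce any real package.
"""
from __future__ import annotations

import ast

NETWORK_MODULES = {"socket"}
EXEC_MODULES = {"subprocess"}
EXEC_CALLS = {
    "exec", "eval", "os.system", "os.popen",
    "subprocess.run", "subprocess.call", "subprocess.Popen",
}


def _call_name(func: ast.expr) -> str:
    """Render a call target such as subprocess.run back to dotted text."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        base = _call_name(func.value)
        return f"{base}.{func.attr}" if base else func.attr
    return ""


def find_entry_points(setup_source: str) -> list[str]:
    """Return every entry-point spec string passed to setup(entry_points=...)."""
    found: list[str] = []
    for node in ast.walk(ast.parse(setup_source)):
        if not (isinstance(node, ast.Call) and _call_name(node.func) == "setup"):
            continue
        for kw in node.keywords:
            if kw.arg != "entry_points" or not isinstance(kw.value, ast.Dict):
                continue
            for group in kw.value.values:
                if isinstance(group, (ast.List, ast.Tuple)):
                    for elt in group.elts:
                        if isinstance(elt, ast.Constant) and isinstance(elt.value, str):
                            found.append(elt.value)
    return found


def find_risky_primitives(module_source: str) -> set[str]:
    """Collect imports of network/exec modules and exec-style calls in a module."""
    hits: set[str] = set()
    for node in ast.walk(ast.parse(module_source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in NETWORK_MODULES | EXEC_MODULES:
                    hits.add("import:" + alias.name)
        elif isinstance(node, ast.ImportFrom):
            root = (node.module or "").split(".")[0]
            if root in NETWORK_MODULES | EXEC_MODULES:
                hits.add("import:" + node.module)
        elif isinstance(node, ast.Call):
            name = _call_name(node.func)
            if name in EXEC_CALLS:
                hits.add("call:" + name)
    return hits


def triage(setup_source: str, module_source: str) -> dict:
    """Flag when an installed command is registered AND the code both talks
    to the network and hands data to an execution primitive."""
    entry_points = find_entry_points(setup_source)
    primitives = find_risky_primitives(module_source)
    network = any(p == f"import:{m}" for m in NETWORK_MODULES for p in primitives)
    execution = any(p.startswith("call:") for p in primitives) or any(
        p == f"import:{m}" for m in EXEC_MODULES for p in primitives
    )
    verdict = "flag" if entry_points and network and execution else "ok"
    return {"entry_points": entry_points, "primitives": sorted(primitives), "verdict": verdict}


# Constructed sample: a setup.py that registers a console script on install.
SAMPLE_SETUP = '''
from setuptools import setup
setup(
    name="examplepkg",
    version="0.0.1",
    packages=["examplepkg"],
    entry_points={"console_scripts": ["examplepkg-init=examplepkg.core:main"]},
)
'''

# Constructed sample of the shape described in the post (not functional code):
# a socket read whose payload is handed to a shell.
SUSPICIOUS_MODULE = '''
import socket
import subprocess

def main():
    conn = socket.socket()
    subprocess.run(conn.recv(1024).decode(), shell=True)
'''

# Constructed benign module with the same entry point but no such primitives.
BENIGN_MODULE = '''
import argparse

def main():
    parser = argparse.ArgumentParser()
    parser.parse_args()
'''

if __name__ == "__main__":
    print(triage(SAMPLE_SETUP, SUSPICIOUS_MODULE))
    print(triage(SAMPLE_SETUP, BENIGN_MODULE))
```

Run it against an unpacked sdist by reading setup.py and each module file into the two arguments; anything that comes back "flag" is worth a manual read before the package is allowed anywhere near a build host, since both the entry point and any install-time code in setup.py run with the installing user's privileges.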
Have a look, see what you think. How could I make it more useful to you?
It's generated using a custom-made graph-network abstraction layer I wrote in Python, then pulling in some publicly available JSON files for the Intrusion Sets and Techniques.
A couple of days ago, LockBit published an entry on their leak site titled "telekom.com". I asked the Telekom press corps and they denied any incident.
Yesterday, LB also published the data allegedly from Telekom. I had a look at the files. So far, it seems that nothing in the 1.2 GByte directory on their file share has anything to do with Deutsche Telekom. It seems that, in fact, they breached a client PC owned by a non-profit in Hamburg.
@GossiTheDog Telekom: "I had already seen the questions under Gossi's post in the Fediverse. The situation was somewhat confusing at first, because copycats had apparently jumped on the topic. What I can say now:
On a website operated by a group calling itself LockBit as-a-Service, the names of 40 companies have been published from which data was allegedly stolen."
1/2