Rapid7 found notable similarities between BlackHunt ransomware and LockBit, which suggested that it uses leaked code of Lockbit. In addition, it uses some techniques similar to REvil ransomware. Rapid7 provided a technical analysis of a BlackHunt sample, describing functionalities and MITRE ATT&CK techniques. IOC provided.
🔗 https://www.rapid7.com/blog/post/2024/02/05/exploring-the-not-so-secret-code-of-blackhunt-ransomware-2/
»In den frühen Morgenstunden des 24.12.2023 ist das gesamte IT-System der Krankenhäuser Franziskus Hospital Bielefeld, Sankt Vinzenz Hospital Rheda-Wiedenbrück und Mathilden Hospital Herford ausgefallen.
Unbekannte haben sich Zugang zu den Systemen der IT-Infrastruktur der Krankenhäuser verschafft und gezielt Daten verschlüsselt. Ein erste Prüfung ergab, dass es sich wahrscheinlich um eine Cyberattacke durch Lockbit 3.0 handelt, deren zeitliche Behebung derzeit noch nicht absehbar ist. Aus Sicherheitsgründen wurden direkt nach Bekanntwerden noch in der Nacht alle Systeme heruntergefahren und alle nötigen Personen und Institutionen informiert.
Zum Ausmaß des Schadens sowie zu eventuellen Forderungen oder Bedingungen können zum jetzigen Zeitpunkt noch keine Angaben gemacht werden. Wir haben noch in der Nacht einen Krisenstab eingerichtet und mit der Analyse der Situation begonnen. Die Zugänge zu allen Syst…«
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #24/2023 is out! It includes, but not only:
→ 🇺🇸 🇨🇳 The US Navy, NATO, and #NASA are using a shady Chinese company’s #encryption chips
→ 🦠 🏢 #Ransomware Group Starts Naming Victims of #MOVEit Zero-Day Attacks
→ ☁️ 🪣 New Supply Chain Attack Exploits Abandoned #S3Buckets to Distribute Malicious Binaries
→ ☁️ #XSS Vulnerabilities in #Azure Led to Unauthorized Access to User Sessions
→ 🇨🇳 🦠 #Barracuda ESG zero-day attacks linked to suspected Chinese hackers
→ 🇷🇺 🇺🇸 Russian national arrested in Arizona, charged for alleged role in #LockBit ransomware attacks
→ 🇷🇺 🇺🇦 Russia-backed hackers unleash new USB-based malware on #Ukraine’s military
→ 🇺🇸 💰 LockBit Ransomware Extorts $91 Million from U.S. Companies
→ 🇷🇺 🇺🇦 #Microsoft identifies new hacking unit within Russian military intelligence
→ 🦠 Fake Researcher Profiles Spread #Malware through #GitHub Repositories as PoC Exploits
→ 🎣 👟 Massive #phishing campaign uses 6,000 sites to impersonate 100 brands
→ 🇨🇳 Chinese Cyberspies Caught Exploiting #VMware ESXi #ZeroDay
→ 🩹 Microsoft #PatchTuesday, June 2023 Edition
→ ☁️ Microsoft: Azure Portal #outage was caused by traffic “spike”
→ 🇨🇳 🇺🇸 #China's cyber now aimed at infrastructure, warns CISA boss
→ 🇰🇷 🇨🇳 Ex-Samsung executive alleged to have stolen tech to recreate chip plant in China
→ 🇨🇭 🗄️ Swiss Fear Government Data Stolen in Cyberattack
→ 🩹 🔐 #Fortinet fixes critical RCE flaw in #Fortigate SSL-VPN devices, patch now
📚 This week's recommended reading is: "The Cyber Effect: An Expert in Cyberpsychology Explains How Technology Is Shaping Our Children, Our Behavior, and Our Values — and What We Can Do About It" by Prof Mary Aiken
Subscribe to the #newsletter to have it piping hot in your inbox every Sunday ⬇️
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #35/2023 is out! It includes the following and much more:
➝ 🔓 🏌🏻♂️Golf gear giant #Callaway data breach exposes info of 1.1 million
➝ 🔓👕 Forever 21 data breach affects half a million people
➝ 🔓 🤦🏻♂️ #LogicMonitor customers hit by hackers, because of default passwords
➝ 🇺🇸 ⚖️ Lawsuit Accuses University of Minnesota of Not Doing Enough to Prevent #DataBreach
➝ 🎬 🔓 #Paramount discloses data breach following security incident
➝ 🏥 🔓 #Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs
➝ 🇺🇸 🌎 #Microsoft joins a growing chorus of organizations criticizing a #UN cybercrime treaty
➝ 🇺🇸 🦠 U.S. Hacks #QakBot, Quietly Removes Botnet Infections
➝ 🇷🇺 🇺🇦 #Russia targets #Ukraine with new Android #backdoor, intel agencies say
➝ 🇷🇺 🕵🏻♂️ Unmasking #Trickbot, One of the World’s Top Cybercrime Gangs
➝ 🇨🇳 👀 ‘Earth Estries’ #Cyberespionage Group Targets Government, Tech Sectors
➝ 🇨🇳 Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom
➝ 💸 🇪🇺 Pay our ransom instead of a #GDPR fine, #cybercrime gang tells its targets
➝ 🇺🇸 🇨🇳 #Meta: Pro-Chinese influence operation was the largest in history
➝ 🇪🇸 📸 Spain warns of #LockBit Locker ransomware phishing attacks
➝ 🇵🇱 🚂 Two Men Arrested Following #Poland Railway Hacking
➝ 🇰🇵 🐍 #Lazarus hackers deploy fake #VMware PyPI packages in #VMConnect attacks
➝ 💸 #Classiscam fraud-as-a-service expands, now targets banks and 251 brands
➝ 💬 🎠 Trojanized #Signal and #Telegram apps on Google Play delivered spyware
➝ 🦠 📄 MalDoc in PDFs: Hiding malicious Word docs in PDF files
➝ 🇧🇷 👀 A Brazilian phone #spyware was hacked and victims’ devices ‘deleted’ from server
➝ 👨🏻💻 🔐 #GitHub Enterprise Server Gets New Security Capabilities
➝ 🚗 💰 Over $1 Million Offered at New #Pwn2Own#Automotive Hacking Contest
➝ 🩹 #Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence
➝ ⛏️ 🔓 Recent #Juniper Flaws Chained in Attacks Following #PoC Exploit Publication
📚 This week's recommended reading is: "Spam Nation: The Inside Story of Organized Cybercrime―from Global Epidemic to Your Front Door" by @briankrebs
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #46/2023 is out! It includes the following and much more:
➝ 🔓 🇯🇵 #Toyota confirms breach after Medusa #ransomware threatens to leak data
➝ 🇺🇸 😂 Ransomware gang files #SEC complaint over victim’s undisclosed #breach
➝ 🔓 🪶 Attackers claim Plume Design, Inc data breach
➝ 🇺🇸 💰 #ICBC paid ransom after hack that disrupted markets, #cybercriminals say
➝ 🔓 #Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party
➝ 🔓 ✈️ Hackers swipe Booking.com, damage from attack is global
➝ 🇷🇺 🇺🇦 Russian #CyberEspionage Group Deploys #LitterDrifter USB #Worm in Targeted Attacks
➝ 🇮🇱 🇺🇸 Israeli Man Who Made $5M From Hacking Scheme Sentenced to Prison in US
➝ 🇫🇮 ⚖️ Alleged Extortioner of Psychotherapy Patients Faces Trial
➝ 🇺🇸 💸 #LockBit ransomware exploits #CitrixBleed in attacks, 10K servers exposed
➝ 🇺🇸 ⚖️ #IPStorm botnet with 23,000 proxies for malicious traffic dismantled
➝ 👶🏻 🧨 Teens with “digital bazookas” are winning the ransomware war, researcher laments
➝ 💸 #Ethereum feature abused to steal $60 million from 99K victims
➝ 🇩🇰 🇷🇺 #Denmark Hit With Largest #Cyberattack on Record
➝ 🇨🇳 🇰🇭 Chinese Hackers Launch Covert #Espionage Attacks on 24 Cambodian Organizations
➝ 🇲🇾 Major Phishing-as-a-Service Syndicate '#BulletProofLink' Dismantled by Malaysian Authorities
➝ 🇪🇺 🥳 EU Parliament committee rejects mass scanning of private and encrypted communications
➝ 🩹 #ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric
➝ 🦠 🐍 27 Malicious #PyPI Packages with Thousands of Downloads Found Targeting IT Experts
🇻🇳 🇮🇳 Vietnamese Hackers Using New #Delphi-Powered #Malware to Target Indian Marketers
➝ 🔐 #Google Adds #Passkey Support to New Titan Security Key
➝ 🐛 Zero-Day Flaw in #Zimbra Email Software Exploited by Four Hacker Groups
➝ 🩹 #SAP Patches Critical Vulnerability in Business One Product
➝ 🐛 New #Reptar CPU flaw impacts Intel desktop and server systems
➝ 🐛 New #CacheWarp AMD #CPU attack lets hackers gain root in Linux VMs
📚 This week's recommended reading is: "Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World" by @marcusjcarey and Jennifer Jin
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
US Treasury sanctions #ransomware operator for "role in launching cyberattacks against U.S. law enforcement, businesses, and critical infrastructure." Reward of up to $10 million offered. #LockBit#Hive#Babuk
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #16/2023 is out! It includes, but not only:
-EvilExtractor #malware activity spikes in Europe and the U.S.
-North Korean #3CX Hackers Also Hit Critical Infrastructure Orgs
-China building cyberweapons to hijack enemy satellites, says US leak
-#GitHub Announces New Security Improvements
-Air Force Unit in Document Leaks Case Loses Intel Mission
-Russian hackers exfiltrated data from from #Capita over a week before outage
-#Lazarus hackers now push Linux malware via fake job offers
-3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible
-#Fortra shares findings on #GoAnywhere MFT zero-day attacks
-#Google TAG Warns of Russian Hackers Conducting Phishing Attacks in #Ukraine
-Google patches another actively exploited #Chrome zero-day
-#Microsoft: Iranian hackers behind retaliatory cyberattacks on US orgs
-#Goldoson#Android Malware Infects Over 100 Million Google Play Store Downloads
-Takedown of GitHub Repositories Disrupts RedLine Malware Operations
-Microsoft has shifted to a new naming taxonomy for threat actors
-#YouTube Videos Distributing Aurora Stealer Malware via Highly Evasive Loader
-#Apple’s high security mode blocked NSO #spyware, researchers say
-#Trigona#Ransomware Attacking MS-SQL Servers
-#WhatsApp and other encrypted messaging apps unite against UK law plan
-Mom Says Daughter's Voice Was Cloned with AI in $1 Million Kidnapping #Hoax
-#LockBit ransomware encryptors found targeting Mac devices
📚 This week's recommended book is "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software" by Michael Sikorski and Andrew Honig.
Subscribe to the #newsletter to have it piping hot in your inbox every Sunday ⬇️
The D.C. Department of Insurance, Securities and Banking #DISB said recent #LockBit data theft claims were related to an attack on third-party software provider Tyler Technologies
📢 Days after its takedown, the #LockBit ransomware has announced its return with threats of more aggressive attacks, along with a lengthy message and taunts directed at the #FBI.
The kingpin of the LockBit ransomware is named and sanctioned, a cybersecurity consultant is charged with a $1.5 million extortion, and a romance fraudster defrauded women he met on Tinder of £80,000.
All this and much much more is discussed in the latest edition of the @smashingsecurity podcast with yours truly and Carole Theriault, joined this week by “Ransomware Sommelier” Allan Liska.
LockBit says they stole data in London Drugs ransomware attack
the LockBit ransomware gang claimed they were behind the April cyberattack on Canadian pharmacy chain London Drugs and is now threatening to publish stolen data online after allegedly failed negotiations
A couple of days ago, LockBit had published an entry on their leaksite titled "telekom.com". I asked the Telekom press corps and they denied any incident.
Yesterday, LB also published the data allegedy from Telekom. I had a look at the files. So far, it seems that nothing in the 1.2GByte directory on their file share has anything to do with Deutsche Telekom. It seems that in fact, they breached a client PC owned by a non-profit in Hamburg.