The LockBit 3.0 ransomware group on Monday leaked 600 gigabytes of critical data stolen from Indian lender Fullerton India two weeks after the group demanded a $3 million ransom from the company. The stolen data includes "loan agreements with individuals and legal companies."
Researchers found Android malware masquerading as a legitimate application available and downloaded over 620,000 times from the Google Play store. The apps have been active since 2022, posing as legitimate photo-editing apps, camera editors and smartphone wallpaper packs.
Chinese APT group Mustang Panda is deploying a previously unseen malware backdoor dubbed MQsTTang as part of a spear-phishing campaign targeting governmental organizations, specifically in Ukraine and Taiwan, security firm Eset says. The malware is currently being spread as RAR files, it adds.
Threat actors actively targeting multinational clients of data center outsourcers and help desk providers in China and Singapore are posting stolen credentials for sale on data leak sites, and cybersecurity firm Resecurity says these actions could be part of a nation-state cyberespionage campaign.
Asia-Pacific healthcare sector organizations struggle with many of the same cybersecurity challenges as clinics in other parts of the world, including ransomware threats and denial-of-service attacks, says Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center.
Microsoft blamed an internal network configuration change for outages that disrupted access to Microsoft 365 services, including Microsoft Teams and Outlook, for users around the world. The change has been rolled back and additional infrastructure added to speed restoration, it says.
Researchers have linked Chinese advanced persistent threat group Playful Taurus, also known as Vixen Panda and Nickel, to a series of attacks against Iranian organizations between July and December 2022. The group recently updated its toolkit to include a new variant of the Turian backdoor.
Posing as leading banks, the North Korea-backed BlueNoroff group is evading Microsoft Windows' Mark of the Web security measure to help infect machines with malware. Hackers are refining their techniques for bypassing MOTW, which warns users when they try to open a file downloaded from the internet.
A North Korean state-sponsored APT group targeted nearly 900 foreign policy experts from South Korea to steal their personal data and carry out ransomware attacks. Targeted individuals mainly had backgrounds in diplomacy, defense and security and were working toward Korean unification.
Microsoft says vulnerabilities in outdated web servers are likely responsible for a cyberattack last month against Indian energy giant Tata Power. Attackers targeted Boa servers, which were discontinued in 2005, to potentially compromise Tata and other critical infrastructure organizations around the world.
China again accused the United States of cyberespionage as it seeks to reframe the global narrative on hacking. China's status as the world's worst cyber thief "annoys them tremendously," says Jim Lewis of CSIS. Beijing says it caught the NSA hacking into Northwestern Polytechnical University.
Chinese intelligence is conducting cyberespionage campaigns targeting corporations involved with energy extraction in the South China Sea, researchers say. Proofpoint and PwC conclude with moderate confidence the campaign is the work of the threat actor known as TA423 or Red Ladon.
This edition of the ISMG Security Report analyzes the latest ransomware trends from the European Union Agency for Cybersecurity, findings from the first-ever Cyber Safety Review Board on the Log4j incident, and how security and privacy leaders are harmonizing new U.S. privacy laws.
Thales plans to enter the customer identity and access management market through its purchase of an emerging European CIAM player. The French firm plans to capitalize on OneWelcome's strong product by extending its footprint beyond Europe and into North America and Asia-Pacific.
"We came up with a structured, documented approach to respond to mitigating the Log4j vulnerability using the EDR scanning tools along with a code validation, containerization, and sandboxing of our applications and networks," says Ian Keller, security director at Ericsson.