February 29, 2024

CISA: Admin Credentials of a Former Employee Leveraged to Compromise a State Government Organization

Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents with host and user information, including metadata, were posted on a dark web brokerage site. An analysis confirmed that an unknown threat actor compromised network administrator credentials through the account of a […]
March 23, 2023

The City of Toronto confirm unauthorized access following Clop’s claims

This week has seen the City of Toronto added to Clop’s TOR data leak site following the ongoing GoAnywhere attack spree. The City of Toronto has claimed that they became aware of potential unauthorized access to City data on Monday 20th of March 2023. However, the City of Toronto has confirmed that unauthorized access to City data did occur through […]
April 21, 2022

FBI releases flash alert against the BlackCat ransomware gang

On Tuesday 19th of April 2022, the United States Federal Bureau of Investigation (FBI) released a joint TLP:WHITE flash alert which revealed the BlackCat ransomware gang, also known as ALPHV, has breached the networks of at least 60 organizations worldwide as of March 2022. The FBI also stated the BlackCat ransomware gang has been the first ransomware group to have […]
January 24, 2022

Hacktivist group claims attack on Belarusian Railway in protest of Russia activity in Belarus

On Monday 24th of January 2022, the hacktivist group Belarusian Cyber-Partisans claimed to have encrypted the servers belonging to the Belarusian Railway, Belarus’s national state-owned railway company, in protest of Russia using Belarusian Railway’s rail transport network to move military units and equipment into the country. “We encrypted some of BR’s servers, databases and workstations to disrupt its operations. Automation […]
January 15, 2022

Russian police raids against REvil ransomware gang members results in seizure of $6.6 million

On Friday 14th of January 2022, the Federal Security Service of the Russian Federation (FSB) in cooperation with the Investigation Department of the Ministry of Internal Affairs of Russia conducted police raids at 25 addresses in the cities of Moscow, St. Petersburg, Moscow, Leningrad and Lipetsk regions, which were linked to 14 members of the REvil ransomware gang. The raids resulted […]
December 10, 2021

80,000 Australian government employees impacted by ransomware attack on Frontier Software

On Thursday 9th of December 2021, the South Australian government disclosed that sensitive personal information belonging to up to 80,000 Australian government employees has been compromised following a ransomware attack that targeted the systems of Frontier Software, which is responsible for the South Australian government’s payroll software. “The ongoing forensic investigation and other response activities conducted by Frontier Software and CyberCX has now […]
December 3, 2021

FBI releases flash alert against the Cuba ransomware gang

On Thursday 2nd of December 2021, the United States Federal Bureau of Investigation (FBI) released a joint TLP:WHITE flash alert which revealed the Cuba ransomware gang have compromised at least 49 organizations in five critical infrastructure sectors, including the financial, government, healthcare, manufacturing, and information technology sectors. The FBI also revealed that the Cuba ransomware variant is commonly distributed through […]
November 22, 2021

Joint advisory released by FBI and CISA in preparation for the upcoming holiday season

On Monday 22nd of November 2021, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory in which they warned of upcoming spikes in cyberattacks as the holiday season approaches. The advisory was aimed at all organisations, although it had a heavy emphasis on critical networks, systems and infrastructure. The CISA and FBI also emphasised a caution […]
November 2, 2021

FBI warn ransomware gangs are targeting companies during time-sensitive financial events

On Monday 1st of November 2021, the United States Federal Bureau of Investigation (FBI) released a TLP:WHITE private industry notification where they warned that threat actors from ransomware gangs are starting to target companies that are involved in significant, time-sensitive financial events like corporate mergers and acquisitions in the hope that these events will encourage these target companies to pay […]