February 29, 2024

CISA: Admin Credentials of a Former Employee Leveraged to Compromise a State Government Organization

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents with host and user information, including metadata, were posted on a dark web brokerage site. An analysis confirmed that an unknown threat actor compromised network administrator credentials through the account of a […]
May 17, 2023

FBI releases joint advisory against the BianLian ransomware gang

On Tuesday 16th of May 2023, the United States Federal Bureau of Investigation (FBI) released a joint TLP:CLEAR cybersecurity advisory warning organisations of the latest tactics, techniques, and procedures (TTPs) used by the BianLian ransomware group. The advisory highlighted that BianLian is a ransomware developer, deployer, and data extortion cybercriminal group that has targeted organisations in multiple U.S. critical infrastructure sectors […]
May 17, 2023

ScanSource warns of delays following ransomware attack

On Tuesday 16th of May 2023, US-based technology provider ScanSource disclosed that it had suffered a ransomware attack that has impacted some of its systems, business operations, and customer portals. The impact has been significant, as it is expected to cause delays in the provision of services to customers in North America and Brazil. ScanSource has stated in a press […]
May 15, 2023

Cisco Talos reveals RA Group ransomware targeting USA and South Korean organisations

On Monday 15th of May 2023, Cisco Talos revealed a new ransomware group named ‘RA Group’ that is targeting pharmaceutical, insurance, wealth management, and manufacturing firms in the United States and South Korea. The blog post covering the group revealed that their operation started in April 2023, when they launched a data leak site on the dark web on Sunday […]
April 24, 2023

Black Basta claims responsibility for a cyberattack against Yellow Pages Group

Last week, the Black Basta ransomware gang claimed responsibility for a cyberattack against the Yellow Pages Group, a Canadian directory publisher, and posted a sample of sensitive documents and data. The posted sample included the following documents: ID documents (such as scans of passports and driver’s licenses) exposing people’s date of birth and address. Tax documents—exposing Social Insurance Number (SIN) Sales and […]
April 15, 2023

BlackCat ransomware claims responsibility for the outage of NCR’s Aloha POS

On Saturday 15th of April 2023, the American software and technology consulting company NCR disclosed that it had suffered an outage at its data centers since Wednesday after being hit by a ransomware attack. The outage left its Aloha point of sale platform unavailable to customers. NCR stated that they launched an investigation […]
April 7, 2023

MSI confirms network breach following ransomware attack claims by the Money Message ransomware group

On Friday 7th of April 2023, Micro-Star International (MSI), a Taiwanese PC vendor, confirmed that its network was breached in a cyberattack. This confirmation followed claims by the Money Message ransomware gang, which has claimed to have breached some of MSI’s systems and stolen files that it is threatening to leak next week if the company refuses to pay […]
April 6, 2023

Medusa ransomware group claims attack on Open University of Cyprus

Last week, the Open University of Cyprus (OUC) released an announcement about a cyberattack that had occurred on Monday the 27th of March and resulted in several central services and critical systems going offline. Following the announcement, the Medusa ransomware group published a post on its data leak site listing the Open University of Cyprus as a victim. The group has […]
March 23, 2023

The City of Toronto confirms unauthorized access following Clop’s claims

This week, the City of Toronto was added to Clop’s TOR data leak site following the ongoing GoAnywhere attack spree. The City of Toronto has claimed that it became aware of potential unauthorized access to City data on Monday 20th of March 2023. However, the City of Toronto has confirmed that unauthorized access to City data did occur through […]