Darkside ransomware gang says it lost control of its servers & money a day after Biden threat
A day after US President Joe Biden said the US plans to disrupt the hackers behind the Colonial Pipeline cyberattack, the operator of the Darkside ransomware said the group lost control of its web servers and some of the funds it made from ransom payments.
15% of 2020 ransomware payments carried a sanctions violations risk
Around one in six ransomware payments in 2020 were made to ransomware gangs that had some sort of connection to a US-sanctioned entity.
Biden: No evidence Russian government is involved in Colonial ransomware attack
At a press conference today, President Joe Biden said the US intelligence community has no evidence that the Russian government had any kind of involvement in the ransomware attack that crippled one of the US’ largest fuel supply pipelines last week.
Ransomware gang leaks court and prisoner files from Illinois Attorney General Office
The operators of the DopplePaymer ransomware have leaked a large collection of files from the Illinois Office of the Attorney General after negotiations have broken down and officials refused to pay a ransom demand, The Record has learned.
Ransomware gang threatens to expose police informants if ransom is not paid
A ransomware gang is threatening to leak sensitive police files that may expose police investigations and informants unless the Metropolitan Police Department of the District of Columbia agrees to pay a ransom demand.
Chinese hackers used Pulse Secure VPN zero-day to breach US defense contractors
Two hacking groups, including at least one confirmed Chinese cyber-espionage outfit, have used a new zero-day vulnerability in Pulse Secure VPN equipment to gain a foothold inside the networks of US defense contractors and government organizations across the world.
CISA, FBI, NSA reveal five enterprise bugs exploited by Russia’s APT29 group
Three US security agencies have published on Thursday a joint advisory to expose and draw attention to five vulnerabilities in popular enterprise equipment that have and are still being abused by Russian state hackers to breach corporate and government networks.
White House formally blames Russian intelligence service SVR for SolarWinds hack
In a press release today announcing a broad set of sanctions against the Russian government, the Biden administration has formally named the Russian Foreign Intelligence Service, also known as the SVR, as the perpetrator of the 2020 SolarWinds Orion supply chain attack.
FBI operation removed web shells from hacked Exchange servers across the US
The US Department of Justice announced today that a US judge granted the FBI the authority to log into web shells planted by hackers on Exchange email servers across the US and remove the malware as part of a mass-uninstall operation.
US says APTs are using Fortinet bugs to gain initial access for future attacks
In a joint security alert published today, on Friday, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said they’d observed multiple state-sponsored hacking groups scanning the web for Fortinet devices in order to find and gain access to sensitive networks so they could launch future attacks.