Rhysida ransomware gang claimed China Energy hack

/in


Rhysida ransomware gang claimed China Energy hack

Pierluigi Paganini
November 25, 2023

The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation.

The Rhysida ransomware gang added the China Energy Engineering Corporation to the list of victims on its Tor leak site.

The China Energy Engineering Corporation (CEEC) is a state-owned company in China that operates in the energy and infrastructure sectors.

One of the country’s largest integrated energy companies, it holds a prominent position in the industry.

CEEC actively participates in developing and constructing a diverse range of energy projects, encompassing coal, hydropower, nuclear, and renewable energy initiatives.

It also engages in international projects, contributing to the global energy landscape.

The ransomware group claims to have stolen a substantial trove of ‘impressive data’ and is auctioning it for 50 BTC. The Rhysida ransomware operators plan to sell the stolen data to a single buyer. The gang will publicly release the data over the seven days following the announcement.

Recently, the Rhysida ransomware gang added the British Library to the list of victims on its Tor leak site.

Last week, FBI and CISA published a joint Cybersecurity Advisory (CSA) to warn of Rhysida ransomware attacks. The advisory is part of the ongoing #StopRansomware effort, disseminating information about tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with ransomware groups.

The report includes IOCs and TTPs identified through investigations as recently as September 2023.

The Rhysida ransomware group has been active since May 2023. According to the gang’s Tor leak site, at least 62 companies are victims of the operation.

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. The victims of the group are “targets of opportunity.”

“Threat actors leveraging Rhysida ransomware are known to impact “targets of opportunity,” including victims in the education, healthcare, manufacturing, information…

Source…