Tag Archive for: Contractor

Former Contractor Employee Charged for Hacking California Water Treatment Facility


A 53-year-old man from Tracy, California, has been charged for allegedly hacking into the systems of a water treatment facility in an attempt to delete critical software.

The suspect, Rambler Gallo, has been charged with “transmitting a program, information, code, and command to cause damage to a protected computer”, but this is a case of unauthorized access rather than actual hacking. 

Gallo worked for a company contracted by the town of Discovery Bay in California to operate its water treatment facility, which serves 15,000 residents. 

He worked at the company between 2016 and the end of 2020, and during this time he allegedly installed software that allowed him to access the facility’s systems from his personal computer. 

After he resigned in January 2021, he used that remote access software to enter the water facility’s systems and “transmitted a command to uninstall software that was the main hub of the facility’s computer network and that protected the entire water treatment system, including water pressure, filtration, and chemical levels,” according to a press release from authorities in the Northern District of California. 

Gallo faces up to 10 years in prison and a $250,000 fine. 

It’s not uncommon for water facilities to be targeted, including by former employees. One of the most well-known incidents involves the water plant in Oldsmar, Florida. While initially it was believed that malicious hackers had tried to poison the water supply, recent reports said the incident did not involve any hacking and it may have actually been the result of human error. 


Ransomware Group Claims Theft of Valuable SpaceX Data From Contractor


The LockBit ransomware group claims to have stolen valuable SpaceX files after breaching the systems of piece part production company Maximum Industries.

The Texas-based Maximum Industries specializes in waterjet and laser cutting and CNC machining services, and advertises itself as a contract manufacturing facility. 

The LockBit hackers claim Elon Musk’s rocket and spacecraft maker SpaceX uses Maximum Industries services. They also claim that on Maximum Industries’ systems they found roughly 3,000 “drawings certified by space-x engineers”, which they plan on selling through an auction.

SecurityWeek has reached out to both SpaceX and Maximum Industries for comment, but neither has responded.

While Maximum Industries may have been hacked, it’s not uncommon for cybercrime groups to make exaggerated claims regarding the impact of their attacks or the value of the data they have obtained. 

The LockBit ransomware operation was launched in 2019 and it has been evolving ever since. The cybercriminals, believed to be operating out of Russia, exploit unpatched vulnerabilities, rely on insiders, or acquire access from specialized groups to gain access to victim systems. Once they have access, they collect valuable data, after which they deploy file-encrypting malware. 

For more than a year now, LockBit has been the most active ransomware operation. To date it has targeted well over 1,000 organizations, including major companies such as German car parts giant Continental.


BlackCat malware lashes out at US defense IT contractor • The Register


In Brief: The BlackCat ransomware gang, also known as ALPHV, has allegedly broken into IT firm NJVC, a provider of services to civilian US government agencies and the Department of Defense.

DarkFeed, which monitors the dark web for ransomware intelligence, tweeted this week that BlackCat had added NJVC to its victims’ list, along with sharing a screenshot allegedly of ALPHV’s blog notifying NJVC that it had stolen data during its intrusion. 

“We strongly recommend that you contact us to discuss your situation. Otherwise, the confidential data in our possession will be released in stages every 12 hours. There is a lot of material,” ALPHV said, per the screenshot.

Interestingly enough, ALPHV’s website went offline shortly after providing proof of the security breach, according to a tweet from malware watchers VX-Underground.

According to other sources, BlackCat’s website has since come back online, with NJVC’s entry conspicuously absent. Maybe someone realized publishing US Department of Defense data was a bad long-term career move? Or some agreement was reached.

BlackCat, which is also the name of the group’s signature malware coded in Rust, has apparently attacked 60 organizations around the globe since first appearing on the scene in late 2021. BlackCat, the ransomware, has been a prevalent part of the ransomware-as-a-service economy in its year of operation, Microsoft said, due to the choice of programming language. 

“By using a modern language for its payload, this ransomware attempts to evade detection, especially by conventional security solutions,” Microsoft said. BlackCat has been seen targeting Windows, Linux, and VMware installations, Redmond said.

US Cold War spies hid Russian bugs where?

A stack of 1980s KGB documents obtained by a US journalist provides an interesting window into spy technology during the peak of the…


The Truth About Cyber Security Insurance – What They Don't Want You To Know