Tag Archive for: Corp

INC RANSOM ransomware gang claims to have breached Xerox Corp


Pierluigi Paganini
December 30, 2023

The INC RANSOM ransomware group claims to have hacked the American multinational corporation Xerox Corp.

Xerox Corp provides document management solutions worldwide. The company’s Document Technology segment offers desktop monochrome and color printers, multifunction printers, copiers, digital printing presses, and light production devices; and production printing and publishing systems for the graphic communications marketplace and large enterprises.

The INC RANSOM ransomware group claims responsibility for hacking the American multinational corporation Xerox Corp and threatens to disclose the alleged stolen data.

The INC RANSOM group added Xerox to the list of victims on its Tor leak site.

The ransomware group published the images of eight documents, including emails and an invoice, as proof of the hack.

At this time it is unclear how much data was allegedly stolen from the company.

INC RANSOM has been active since 2023 and has claimed responsibility for breaching more than 40 organizations to date.


News Corp admits hackers accessed system for two years


The emergence of a letter sent to at least one affected News Corp employee details how ‘an unauthorised party’ gained access to personal data.

News Corp logo at its headquarters in Sydney
(Image: AAP/Dean Lewins)

News Corp has admitted it failed to detect hackers inside its computer systems for 23 months between 2020 and 2022. News Corp first disclosed the breach last year in its 10-K filing with the Securities and Exchange Commission for the December quarter and in a subsequent article in The Wall Street Journal (WSJ).

In February 2022, News Corp said a third-party cloud service it used was the target of a “persistent cyberattack activity” a month earlier. Security firm Mandiant, which helped News Corp in investigating the intrusion, told the WSJ it believed the attack was conducted by a threat actor aligned with the Chinese government.

News Corp then went quiet. Analysts did not follow up the report with questions at post-earnings briefings, and because the company does not allow media to participate in those briefings, there was no opportunity for further questioning. But in late February this year, news emerged in the US of a letter sent to at least one affected employee concerning the hacking.


Cyberattack hits Nunavut’s Qulliq Energy Corp. 


Computer systems at Qulliq Energy Corp. are still down after a cybersecurity attack on Sunday, and Nunavut customers are being urged to check their bank accounts and credit cards for any unusual activity that could be related to the attack. 

Qulliq Energy Corp. (QEC) announced the cyberattack in a news release Thursday. 

“As soon as we learned there was a possible issue, we activated our crisis response plan to take control of the situation,” said Rick Hunt, president and CEO of QEC, in the release. “Our focus is on returning to normal operations while determining what information may have been impacted, all the while doing our utmost to serve our customers.”

Outside cybersecurity experts are working alongside QEC’s and the Government of Nunavut’s IT teams to investigate the cause and scope of the attack. 

Power plants across the territory are operating as usual, and power-related outages or emergencies can still be reported by calling 1-833-313-3030. 

QEC said an outside party is investigating the attack, and that it intends to notify anyone directly affected by the breach. 

Credit cards not being accepted

For now, customers can pay bills using cash in person in Iqaluit or Baker Lake, through Northern or Co-op stores and local banks in all communities, and by bank transfer through telephone or internet banking services. 

But credit card payments cannot be accepted, either in person or through telephone banking.

In a news release, Premier P.J. Akeeagok says the government is “actively assisting” in the power corporation’s response to the attack. 

It says staff from the Departments of Community and Government Services, Justice, Finance and Executive and Intergovernmental Affairs have been deployed to help. 

“These types of attacks are criminal,” Akeeagok’s statement reads. “Expert cyber-security and legal advice have been retained and the RCMP are assisting QEC’s ongoing investigation. The corporation is following best practices and taking the utmost caution to protect the private information of QEC’s customers.”


Raspberry Robin Malware Connected to Russian Evil Corp Gang


Raspberry Robin, a widespread USB-based worm that acts as a loader for other malware, has significant similarities to the Dridex malware loader, meaning that it can be traced back to the sanctioned Russian ransomware group Evil Corp.

Researchers from IBM Security reverse engineered two dynamic link libraries (DLLs) dropped during a Raspberry Robin infection and compared them to the Dridex malware loader, a tool that has been definitively linked to Evil Corp in the past — in fact, the US Department of the Treasury sanctioned the Russia-based Evil Corp for developing Dridex in 2019.

They found that the decoding algorithms worked similarly: both used random strings in the portable executables, and both contained intermediate loader code that decoded the final payload in a similar manner and included anti-analysis code.

“The results show that they are similar in structure and functionality,” Kevin Henson, a malware reverse engineer at IBM Security, wrote in the analysis. “Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks.”

Raspberry Robin Takes Flight

Security firm Red Canary first analyzed and named Raspberry Robin in May. Soon after, it came to the attention of other researchers, including IBM Security.

The worm spreads quickly throughout internal networks, hitchhiking on USB devices passed between workers. While Raspberry Robin relies on social engineering techniques to convince victims to plug in an infected USB device, infections took off during the summer, with 17% of IBM Security’s managed clients in targeted industries seeing infection attempts.

However, the malware puzzled researchers initially, because it simply hibernated on infected systems and appeared to have no second-stage payload. In July that changed: IBM and Microsoft researchers discovered that infected systems had begun downloading the FakeUpdates malware, typically a precursor to ransomware used by Evil Corp.

FakeUpdates, also known as SocGholish, masquerades as a legitimate software update but installs popular attack tools such as Cobalt Strike and Mimikatz, or ransomware, on the victim’s computer.

Microsoft noted at the time that FakeUpdates is usually attributed…
