Tag Archive for: energy

Rhysida ransomware gang claimed China Energy hack



Pierluigi Paganini
November 25, 2023

The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation.

The Rhysida ransomware gang added the China Energy Engineering Corporation to the list of victims on its Tor leak site.

The China Energy Engineering Corporation (CEEC) is a state-owned company in China that operates in the energy and infrastructure sectors.

One of the country’s largest integrated energy companies, it holds a prominent position in the industry.

CEEC actively participates in developing and constructing a diverse range of energy projects, encompassing coal, hydropower, nuclear, and renewable energy initiatives.

It also engages in international projects, contributing to the global energy landscape.

The ransomware group claims to have stolen a substantial trove of ‘impressive data’ and is auctioning it for 50 BTC. The Rhysida ransomware operators plan to sell the stolen data to a single buyer. The gang will publicly release the data over the seven days following the announcement.

Recently, the Rhysida ransomware gang added the British Library to the list of victims on its Tor leak site.

Last week, FBI and CISA published a joint Cybersecurity Advisory (CSA) to warn of Rhysida ransomware attacks. The advisory is part of the ongoing #StopRansomware effort, disseminating information about tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with ransomware groups.

The report includes IOCs and TTPs identified through investigations as recently as September 2023.

The Rhysida ransomware group has been active since May 2023. According to the gang’s Tor leak site, at least 62 companies are victims of the operation.

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. The victims of the group are “targets of opportunity.”

“Threat actors leveraging Rhysida ransomware are known to impact “targets of opportunity,” including victims in the education, healthcare, manufacturing, information…


A Green Energy Giant Was Defrauded Of $800,000–The Hackers Sent $50,000 To A Nigerian Oil Official, FBI Says



This is the web version of this week’s edition of The Wiretap newsletter, which every Tuesday brings exclusives and other news about surveillance, privacy and cybercrime, straight to your inbox.


In June last year, hackers took control of an email account belonging to an employee at heavy machinery manufacturer Mountain Crane. The hackers used their access to send an invoice totalling $1.75 million to one of the company’s customers, wind turbine giant Nordex, which then unwittingly paid the hackers over $800,000. A month later, Nordex realized it had been defrauded and contacted the FBI.

The fraud, outlined in a search warrant obtained by Forbes, was a classic case of what’s known as Business Email Compromise (BEC), one of the most common and financially devastating cyberattacks, costing the U.S. $2.7 billion in 2022 alone. But something strange caught the FBI’s attention: $50,000 of the stolen funds were sent to the bank account of Dr. Kelechi Ofoegbu, a Nigerian government official and regulator of the oil and gas industry. Ofoegbu is currently an executive commissioner at the Nigerian Upstream Petroleum Regulatory Commission, and previously worked at energy giants Shell and Eland Oil & Gas.

Ofoegbu has strenuously denied any wrongdoing and said funds from his bank account were wrongly seized. “I am completely innocent and would crave an opportunity to prove this,” he told Forbes. He said he has been banned from travelling to the U.S. and was only made aware of the Nordex fraud after Forbes contacted him about the allegations.

The Department of Justice declined to comment any further on the case. Mountain Crane didn’t respond to requests for comment. Nordex spokesperson Antje Eckert said the company was working with law enforcement on the case, adding that the company had been told the FBI recovered the full amount paid.

Why Ofoegbu allegedly had the money in his account remains a mystery, however. You can read the court document on the case


Eastern European energy, defense firms subjected to updated MATA attacks – SC Media





In Other News: LastPass Vault Hacking, Russia Targets Ukraine Energy Facility, NXP Breach 


SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:  

SentinelOne ends Wiz collaboration following acquisition rumors

SentinelOne has ended its collaboration with cloud security firm Wiz following reports of a potential merger valued at $5-6 billion. SentinelOne shut down the rumors that it’s being acquired by Wiz a few days later, when it announced its decision to unilaterally terminate its six-month-old partnership with Wiz “as a result of their continued lack of execution against their commitments”.

Hackers may be breaking into LastPass vaults compromised in data breach 


Some experts believe that threat actors may be breaking into the LastPass vaults compromised in a data breach last year, security blogger Brian Krebs reported. An investigation showed that many security-conscious individuals who had a total of $35 million worth of cryptocurrency stolen from them had used LastPass to store their private key.

Semiconductor company NXP discloses data breach

Dutch semiconductor designer and manufacturer NXP has disclosed a data breach affecting the email addresses of users who had registered an account on nxp.com, but had not used it for at least 18 months. No other information was exposed, NXP said.

Data breach at golf equipment maker Callaway impacts one million people

Callaway, a company that makes clubs, balls and other golf equipment, has disclosed a data breach affecting more than one million people. The firm said it discovered unauthorized access to information such as name, email address, phone number, order history, password, and security question answer. 

New report details how China is weaponizing…
