Tag Archive for: linked

Boeing ‘Sensitive Data’ Reportedly Stolen by Ransomware Group Linked to Russia


A hacking group called LockBit claimed Friday that it had infiltrated Boeing Co. and stolen sensitive information from the aerospace giant.

The group, which has been linked to Russia, set a Nov. 2 deadline for Boeing to contact it and threatened to publish “all available data” otherwise, Cybernews reported, citing a LockBit “dark leak” website.

“We are assessing this claim,” a Boeing spokesman said in an email to The Messenger.

Beyond its commercial aircraft business, Boeing is a major defense contractor, selling everything from weapons to satellites to fighter jets to the U.S. and allied governments. The Pentagon referred questions on the matter to Boeing.


High-profile summer attacks linked to same aggressive ransomware group


The threat group behind some of the most high-profile, identity-based cyberattacks this year is also “one of the most dangerous financial criminal groups” currently in operation, Microsoft researchers said in a Wednesday report.

The group, which Microsoft identifies as Octo Tempest and other researchers identify as Oktapus, Scattered Spider and UNC3944, uses multiple forms of social engineering to gain access to organizations’ infrastructure, steal corporate data and extort victims for ransom payments, according to Microsoft Threat Intelligence.

The collection of young, native English-speaking threat actors, which was initially observed in 2022 and affiliated with the ransomware-as-a-service operation ALPHV or BlackCat in mid-2023, has claimed responsibility for major attacks against MGM Resorts, Caesars Entertainment and Clorox in the past few months.

Microsoft researchers said similar social-engineering techniques resulted in attacks against four Okta customers’ environments in late July and August.

While those attacks directly targeted Okta customers for the initial point of intrusion, a more recent string of attacks against Okta customer environments occurred when a threat actor used a stolen Okta support system administrator credential to access authentication tokens for customers, including BeyondTrust, Cloudflare and 1Password.

The report also pointed to the group’s recent focus on VMware ESXi servers, virtualization infrastructure that lacks security tools and has been hit by a spree of attacks this year.

The threat actors are responsible for wide-ranging campaigns using adversary-in-the-middle techniques, social engineering and SIM swapping. Industries most recently targeted for extortion include gaming, hospitality, technology, financial services, managed service providers and manufacturing, according to Microsoft.

“The well-organized, prolific nature of Octo Tempest’s attacks is indicative of extensive technical depth and multiple hands-on-keyboard operators,” Microsoft Threat Intelligence said in the report.

Microsoft joins other threat researchers in describing the group as prevalent, highly…


Attacks exploiting WinRAR zero-day linked to Russian, Chinese hackers



TechCrunch reports that numerous Russian and Chinese state-backed hacking operations have been leveraging an already patched …


CISA Identifies Known Exploited Vulnerabilities Linked to Ransomware Campaigns


The Cybersecurity and Infrastructure Security Agency has launched new resources to help organizations identify vulnerabilities and misconfigurations linked to ransomware campaigns.

The agency said Thursday it has added a “Known to be Used in Ransomware Campaigns” column to its catalog of known exploited vulnerabilities and a “Misconfigurations and Weaknesses Known to be Used in Ransomware Campaigns” table to its Stop Ransomware website.

The table features a short description of the misconfiguration and a column identifying the cyber performance goal action for each vulnerability.

With the new offerings, CISA aims to help critical infrastructure organizations boost their cyber resilience by providing mitigations against specific KEVs, misconfigurations and weaknesses targeted in ransomware campaigns.