Tag Archive for: MONTHS

Panasonic Admits Suffering a Second Cyber Attack in 6 Months With Conti Ransomware Gang Claiming Responsibility

/in


Japanese tech company Panasonic disclosed that it was the victim of a “targeted cyber attack” on its Canadian operations. According to malware analysis group VX Underground, the Conti ransomware group claimed responsibility for the attack. The group claims to have stolen 2.8 gigabytes of data from Panasonic Canada.

The February attack was the second to devastate the company within six months. In November 2021, Panasonic Japan disclosed that a third party had breached its network and accessed files on its servers.

The company disclosed in January 2022 that the attack leaked the personal information of job candidates and interns.

According to the Japanese media outlet NHK, the illegal access lasted from June to November 2021.

Similarly, Panasonic Corporation India suffered a cyber attack in December 2020, leaking 4 GB of financial information.

Conti ransomware group leaks files allegedly stolen from Panasonic

Conti ransomware group started sharing allegedly stolen documents on its leak site. The dump includes files and spreadsheets reportedly stolen from the HR and accounting departments. Some of the documents had names like “HR Global Database” and “Budget.”

Panasonic hasn’t disclosed the hacking group’s identity or ransomware demands, the intrusion method, the nature of the information stolen, or the number of potential victims.

However, the company says the attack affected the Canadian operation, which employs 400 people and is part of the North American segment.

Panasonic spokesperson Airi Minobe told TechCrunch that the company “took immediate action to address the issue with assistance from cybersecurity experts and our service providers.”

Its response “included identifying the scope of impact, containing the malware, cleaning and restoring servers, rebuilding applications and communicating rapidly with affected customers and relevant authorities.” This description perfectly resembles a ransomware attack response.

Minobe added that efforts to restore operations were still in progress, although the top priority was to mitigate the impacts of the suspected Conti ransomware attack.

“Since confirming this attack, we have worked diligently to restore operations and…

Source…

Galaxy A71 5G is getting a security update two months late in the US

/in


Last updated: March 8th, 2022 at 08:05 UTC+01:00

The Galaxy A71 5G was among Samsung’s first mid-range 5G smartphones to be launched in the US. It was also launched in some Asian and European countries and in Australia and New Zealand. The phone has now received a new security update in the US, but it is already two months late.

The latest software update for the carrier-locked version of the Galaxy A71 5G comes with firmware version A716USQU6DVA2. It includes the January 2022 security patch that fixes over five dozen privacy and security-related vulnerabilities. It also contains general bug fixes and device stability improvements.

The new update for the Galaxy A71 5G is now available on Sprint and T-Mobile’s carrier networks in the US. Other carriers could release the update within the next few days. Samsung is usually among the first OEMs to release new software updates, but updates could get delayed with carrier-locked models due to additional testing and verification stages.

If you use a carrier-locked version of the Galaxy A71 5G in the US, you can check for the new update manually by navigating to Settings » Software update and tapping on Download and install. You can also download the latest firmware file from our firmware database and flash it manually.

Join SamMobile’s Telegram group and subscribe to our YouTube channel to get instant news updates and in-depth reviews of Samsung devices. You can also subscribe to get updates from us on Google News and follow us on Twitter.

Source…

Top U.S. Fuel Pipeline Hires Cyber Safety Boss Months After Hack

/in


(Bloomberg) — Colonial Pipeline Co., which manages the largest fuel conduit in the U.S., hired a Chief Information Security Officer nine months after a ransomware attack completely paralyzed its operations, drove up gasoline prices and sparked shortages at filling stations along the East Coast. 

Source…

New evidence from Lumen reveals Konni attack on Russia lasted three months

/in


DENVER, Jan. 6, 2022 /PRNewswire/ — Researchers at Black Lotus Labs®, the threat intelligence team at Lumen Technologies, discovered new evidence of a months-long campaign against the Russian Ministry of Foreign Affairs (MID). The highly targeted campaign included the deployment of the Konni RAT – a malicious Remote Access Trojan that researchers and governments believe is a tool used by the Democratic People’s Republic of Korea (DPRK) since 2014.

Overview of Konni campaign against the Russian MID
Overview of Konni campaign against the Russian MID
Lumen Logo (PRNewsfoto/Lumen Technologies)
Lumen Logo (PRNewsfoto/Lumen Technologies)

“This activity cluster demonstrates the patient and persistent nature of advanced actors who wage multi-phased campaigns against perceived high-value networks,” said Mark Dehus, director of threat intelligence at Black Lotus Labs. “If actors attempt to infiltrate the Russian Ministry of Foreign Affairs, what’s to stop them from attempting to use these same tactics on other governments or high-profile businesses? For this reason, it is vital for defenders to understand advanced actors’ evolving capabilities and tradecraft used to infect coveted targets.”

Read the full blog here.

Timeline of Observed Events

The series of persistent actions against Russia’s MID occurred from October to December 2021 as follows:

  • In October, the actors set up spoofed hostnames to harvest credentials of an active MID account.
  • In November, the attackers used social engineering to lure recipients into downloading malware disguised as software the Russian government uses to collect Covid vaccination statuses.
  • In December, the attackers used the previously acquired credentials to spear-phish high-value targets with a Happy New Year-themed message. If invoked, a loader nearly identical to the one observed in November would deploy a sophisticated infection chain resulting the Konni RAT, as previously reported by Cluster25.

Why This Attack is Significant

  • One of the high-profile targets included Sergey Alexeyevich Ryabko, deputy foreign minister for the Russian Federation, among other Russian government officials….

Source…