The attacker’s actions had the whiff of a Black Basta affiliate, with Qbot activity widely reported as being a cornerstone of Black Basta intrusions. Black Basta is a splinter group that emerged after the “Conti” ransomware syndicate was quelled.
Hitachi Energy immediately launched an investigation into the incident and disconnected the compromised system. The company reported the data breach to law enforcement agencies and data protection watchdog.
Also referred to as LockBit Black, LockBit 3.0 has a more modular architecture compared to its previous variants, and supports various arguments that modify its behavior after deployment.
Chinese hackers exploited a critical Fortinet bug and used custom networking malware to steal credentials and maintain network access, according to Mandiant. Victims include defense, telecom, and technology firms, as well as government agencies.
“The malware binaries appear to have been named by the malware author after a character from the popular anime series, Naruto, with file name structures such as ‘Hinata-–,’” Akamai said in a technical report.
By analyzing Trigona ransomware binaries and ransom notes from VirusTotal, as well as information from incident response, Unit 42 determined that Trigona was very active during December 2022, with at least 15 potential victims being compromised.
ESET researchers found that the Tick cyberespionage group compromised an East Asian Data-Loss Prevention (DLP) company in 2021 and used a wide range of tools in similar attacks. In one of its campaigns, it used a tampered version of a legitimate app called Q-Dir to drop an open-source VBScript backdoor named ReVBShell.
As of late November 2022, Microsoft and other security firms identified a new form of ransomware, called “Sullivan”, deployed against Ukrainian targets, in addition to the “Prestige” ransomware Russia deployed in Ukraine and Poland in October 2022.
After news broke late last week about Silicon Valley Bank’s bank run and collapse, security researchers started warning SVB account holders about incoming SVB-related scams and phishing attempts.
This PowerShell script (KB5025175) simplifies the process of securing WinRE images against attempts to exploit the CVE-2022-41099 flaw that enables attackers to bypass the BitLocker Device Encryption feature system storage devices.