Reports suggest that the elite Russian state hackers behind last year’s massive SolarWinds cyberespionage campaign hardly eased up this year, managing plenty of infiltration of U.S. and allied government agencies and foreign policy think tanks with consummate craft and stealth, a leading cybersecurity firm reported Monday. On the anniversary of the public disclosure of the SolarWinds intrusions, Mandiant said the hackers associated with Russia’s SVR foreign intelligence agency continued to steal data “relevant to Russian interests” with great effect using novel, stealthy techniques that it detailed in a mostly technical report aimed at helping security professionals stay alert.
ISBuzz Team
It has been reported that hackers have taken $196 million from crypto trading platform Bitmart, according to a security firm. Bitmart confirmed the hack in an official statement Saturday night, calling it “a large-scale security breach” and writing that hackers withdrew about $150 million in assets. However, blockchain security and data analytics firm Peckshield estimates that the loss is closer to $200 million.
More than 300 Spar stores in the UK have been hit by a cyberattack that has forced many shops to close their doors. The attack has caused a ‘total IT outage’ which prevents staff from taking card payments and has locked them out of email systems.
Please see below expert comments by Eddy Bobritsky, CEO at Minerva Labs regarding a Russian hacking group using new stealthy Ceeloader malware. The Nobelium hacking group has continued to breach gov’t and enterprise networks worldwide by targeting their cloud and managed service providers and using a new custom “Ceeloader” malware.
In a letter to affected patients (linked below), Planned Parenthood Los Angeles advised affected patients that it “identified suspicious activity on our computer network. We immediately took our systems offline, notified law enforcement, and a third-party cybersecurity firm was engaged to assist in our investigation. The investigation determined that an unauthorized person gained access to our network between October 9, 2021 and October 17, 2021, and exfiltrated some files from our systems during that time.
Colorado’s Delta-Montrose Electric Association (DMEA) is still struggling to recover from a devastating cyberattack last month that took down 90% of its internal systems and caused 25 years of historic data to be lost. In an update sent to customers this week, the company said it expects to be able to begin accepting payments through its SmartHub platform and other payment kiosks during the week of December 6. DMEA did not use the term “ransomware” but said much of their data had been corrupted while phone and email services were down for weeks.
According to reports, Colorado’s Delta-Montrose Electric Association (DMEA) is still struggling to recover from a devastating cyberattack last month that took down 90% of its internal systems and caused 25 years of historic data to be lost. In an update sent to customers this week, the company said it expects to be able to begin accepting payments through its SmartHub platform and other payment kiosks during the week of December 6. DMEA did not use the term “ransomware” but said much of their data had been corrupted while phone and email services were down for weeks.
Information security experts commented below on the news about the government being fines £500,000 by the ICO after a data breach which exposed the addresses of over 1000 New Years honours recipients, and how bad identity management practice was the cause of this breach.
Researchers have observed a malicious campaign offering fake installers of popular apps and games, such as Viber, WeChat, NoxPlayer, and Battlefield as bait to get users to execute malware on their systems. Two undocumented malware families (a backdoor and a Google Chrome extension) are consistently delivered together by an unknown actor with the alias “magnat”.
It has been reported that DNA Diagnostics Center (DDC), an Ohio-based DNA testing company, has disclosed a hacking incident that affects 2,102,436 persons. The incident resulted in a confirmed data breach that occurred between May 24, 2021, and July 28, 2021, but the firm discovered it only on October 29, 2021. The information that the hackers accessed includes the following: Full namesCredit card number + CVVDebit card number + CVVFinancial account numberPlatform account password The compromised database contained older backups dating between 2004 and 2012, and it’s not linked to the active systems and databases used by DDC today. “The impacted database…