Palo Alto Networks’ Unit 42 has published a report describing “Playful Taurus” (also known as APT15 or Vixen Panda), a Chinese threat actor known for carrying out cyberespionage campaigns against government and diplomatic entities around the world. In this case, Playful Taurus is targeting government entities in Iran with a new version of its Turian malware. The threat actor appears to have compromised the networks of at least four Iranian government organizations, including Iran’s Ministry of Foreign Affairs. The new version of the threat actor’s malware includes “some additional obfuscation and a modified network protocol.” For more on Playful Taurus, see CyberWire Pro.

According to the LoadStar, the ship classification society DNV has disclosed that its ShipManager fleet management software was hit by a ransomware attack on January 7th. DNV says approximately one thousand vessels belonging to seventy of its customers have been affected:

"DNV experts have shut down ShipManager’s IT servers in response to the incident. All users can still use the onboard, offline functionalities of the ShipManager software."

"There are no indications that any other software or data by DNV is affected. DNV experts are working closely with global IT security partners to investigate the incident and to ensure operations are online as soon as possible. The server outage does not impact any other DNV services. DNV is communicating daily with all 70 affected customers to update them on findings of the ongoing forensic investigations. DNV is in dialogue with the Norwegian police about the incident. In total around 1000 vessels are affected.

"We apologize for the disruption and inconvenience this incident may have caused."

TradeWinds reports that as of January 17th, DNV was still working to bring ShipManager back online. For more on the ShipManager incident, see CyberWire Pro.

Other attacks against industrial systems.

Nozomi Networks has released its OT/IoT Security Report for the second half of 2022, highlighting disruptive attacks against the transportation and manufacturing industries. The researchers describe a cyberattack that hit rail technology manufacturer Continental in November. The attackers stole more than forty terabytes of data, which they threatened to publish on the dark web unless the company paid a $50 million ransom. Continental refused to pay the ransom, stating that “it would only help fund continued attacks on the security of critical infrastructure such as utilities and hospitals, educational institutions and the economy.”

Nozomi notes that “attacks against rail systems have been growing in frequency, making this sector an attractive target to all threat actor types at play (i.e. nation-state, hacktivists, cybercriminals).” Nozomi also outlines wiper attacks against three Iranian steel companies: the Mobarakeh Steel Company (MSC), Khouzestan Steel Company (KSC) and Hormozgan Steel Company (HOSCO). These attacks were claimed by the hacktivist group Gonjeshke Darandehat (also known as Predatory Sparrow), though the BBC cites experts who suspect the attacks may have been carried out by a state-sponsored actor.

The US Cybersecurity and Infrastructure Security Agency (CISA) on January 17th released four industrial control system (ICS) advisories, affecting GE Proficy Historian, Mitsubishi Electric MELSEC iQ-F, iQ-R Series, Siemens SINEC INS, and Contec CONPROSYS HMI System (CHS) (Update A).

A side-effect of Russia's war: a drop in paycard fraud.

In the course of surveying paycard fraud during 2022, Recorded Future's Insikt Group noticed a 62% drop in stolen cards being hawked or dumped on the dark web. That drop, Infosecurity Magazine points out, coincides with Russia's invasion of Ukraine. The first was occasioned by an unexpected crackdown on (some) cybercriminal gangs in January of 2022.