Bringing cybersecurity globally to critical and complex key activities
On 6 December 2022, the cybercriminal ransomware group Hive added the French retail chain Intersport to its list of victims. The group claims to have carried out the attack on 23 November. No details are given on the nature of the stolen data or whether it was actually revealed. Intersport has not made any statement on this new claim by the group. Intersport had said in November: "Dear customers, we are currently facing a cyber attack on Intersport's servers that prevents us from accessing our cash registers, loyalty card service and gift card service. Read more about it : here
According to a report on December 13, 2022, a new Formbook campaign is underway using Libyan oil companies to spread. The campaign is said to use phishing emails and has already hit Italy. The malicious emails contain 4 images and a pdf. When opening the pdf, the recipient is asked to open a link that downloads an executable which turns out to be malware. The email used is a forged email from a Libyan oil company and the link attached to it points to a URL from which the exe file "Req for Quote" is downloaded. Then Formbook, thanks to the keylogger function, is able to acquire everything the user types. Read more about it : here
On 5 December 2022, the new cybercriminal group Play Ransomware claimed to have launched an attack against the Vienna-based technology company Austria Presse Agentur. The attack reportedly took place on 28 November 2022 and they managed to extract 80 GB of data. The data is said to contain personal data, project documents and financial information. No details are given on the ransom demanded. Read more about it : here
On December 13, 2022, a cyber intrusion attack was detected in the computer systems of the municipalities of Mörbylånga and Borgholm in Sweden. In response, a crisis management unit was reportedly activated, but the attack still caused the municipality's network connection to the internet to be disabled. Mörbylånga's website and email are down. However, the Borgholm website is managed externally, so it is up and running and the emails are working. For the moment, no details on the type of attack or the systems affected have been released. However, given the post attack reaction of the municipality it is possible that it is a ransomware attack. Read more about it : here
On 8 December 2022, the pro-Russian hacktivist group Noname057 claimed to have launched a DDoS attack on the websites of the Greek Ministry of Defence, the Ministry of Defence of the Czech Republic and the Ministry of Defence of Croatia. The attack is part of the KillNet sphere's campaign of attacks in their cyber war of attrition against European governments. Read more about it : here
According to a report on 15 December 2022, the Vjw0rm malware is currently being used in a phishing campaign targeting Italy. The emails in these attacks impersonate a beauty product vendor and hide the malware in a js file in a "rar" attachment named "$38,570 detailed invoice payment". Vjw0rm is a hybrid modular/RAT worm that has three main capabilities: information theft, denial of service (DOS) and self-propagation. In the latter case, it copies itself throughout the operating system and boot folder and can spread via removable devices such as USB sticks. Read more about it : here
On 6 December 2022, the Play Ransomware group added several organisations and companies to its list of victims, three of which are European. Among the claims are "Skoda Praha", an energy company in the Czech Republic, Husinec, a municipality in the Czech Republic and Wrota Mazowza, a mapping service in Poland. The release dates of the data were announced for between the 14th and 16th, without indicating the type of data that had been stolen. The Wrota Mazowza website is unavailable, suggesting a more violent attack. Read more about it : here
On 9 November 2022, the cybercriminal group Hive ransomware added the Natherland-based company APM Terminals, a harbor operator, subsidiary of Maersk, to its list of victims. No details are given about the nature of the stolen data or the direct consequences of the attack on the company. The attack is believed to have taken place on 17 October and the stolen data will be released on 11 November. Read more about it : here
On November 8, 2022, cybercriminal ransomware group LockBit 3.0 claimed to have attacked Richard Wolf Gmbh. Some of the company's data is said to be encrypted and the management has until 10 November to comply with LockBit 3.0. Some of the company's data is said to be encrypted and the management has until 10 November to comply with LockBit 3.0. Experts are reportedly working on the company's systems to assess the exact damage. Read more about it : here
On 15 November 2022, according to a Kaspersky study, North Korean hackers Lazarus are using a new version of the DTrack backdoor to attack organisations in Europe and Latin America. DTrack is a modular backdoor with a keystroke logger, screenshot logger, browser history retriever, running process spy, IP address logger, network connection information logger and more. In addition to spying, it can also execute commands to perform file operations, retrieve additional payloads, steal files and data and run processes on the compromised device. Finally, Dtrack hides in an executable that looks like a legitimate program, and there are several decryption steps before the malware payload begins. Targeted sectors include government research centres, policy institutes, chemical manufacturers, IT service providers, telecommunication providers, utility providers and education. Read more about it : here