North America News

LockBit ransomware gang claimed to have compromised the network of Bridgestone Americas, one of the largest manufacturers of tires, and stolen data from the company. The Bridgestone Americas family of enterprises includes more than 50 production facilities and 55,000 employees throughout the Americas. On February 27, some company employees at Bridgestone’s La Vergne plant reported being sent home due to a possible cyber attack. Bridgestone launched an investigation into the incident and hired a prominent consultant firm to understand the full scope and nature of the incident. Read more about it here. 

The Department of Justice today announced the seizure of the RaidForums website, a popular marketplace for cybercriminals to buy and sell hacked data, and unsealed criminal charges against RaidForums’ founder and chief administrator, Diogo Santos Coelho, 21, of Portugal. Coelho was arrested in the United Kingdom on Jan. 31, at the United States’ request and remains in custody pending the resolution of his extradition proceedings.   Read more about it here.

A regional U.S. government agency compromised with LockBit ransomware had the threat actor in its network for at least five months before the payload was deployed, security researchers found. Logs retrieved from the compromised machines showed that two threat groups had compromised them and were engaged in reconnaissance and remote access operations. The attackers tried to remove their tracks by deleting Event Logs but the pieces of the files remained allowed threat analysts to get a glimpse of the actor and their tactics.   Read more about it here.

The FBI first became aware of RagnarLocker in April 2020 and subsequently produced a FLASH to disseminate known indicators of compromise (IOCs) at that time. This FLASH provides updated and additional IOCs to supplement that report. As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors.   Read more about it here. 

This year's Super Bowl was not very exciting. The game was low-scoring, and the halftime show was lackluster. The only interesting thing that happened on Super Bowl Sunday is the San Francisco 49ers, who wasn't even in the game, confirmed it got hacked. Over the weekend, the BlackByte ransomware group's dark web blog touted that it had CYBER THREAT INTELLIGENCE –NEWSLETTER – 2022/02/16 hacked servers belonging to the San Francisco 49ers and encrypted them. It wants $530 million for the key. The post contains a file called "2020 Invoices" to prove it has company data. Ars Technica notes that the cache holds hundreds of billing statements to entities including AT&T, Pepsi, and the city of Santa Clara.   Read more about it here.

Sportswear manufacturer Puma was hit by a data breach following the ransomware attack that hit Kronos, one of its North American workforce management service providers, in December 2021. The data breach notification filed with several attorney generals' offices earlier this month says the attackers also stole personal information belonging to Puma employees and their dependents from the Kronos Private Cloud (KPC) cloud environment before encrypting the data. Right after the attack, a Kronos customer impacted in the incident told BleepingComputer that they had to go back to using paper and pencil to cut checks and monitor timekeeping.   Read more about it here.