More MOVEit victims revealed including Ofcom, Transport for London and Health Service Ireland
More victims of the MOVEit supply chain attack have been revealed with the UK media regulator Ofcom, Transport for London and Health Service Ireland being the most high profile this week.
The Russian-based Clop Ransomware group, notorious for its cyber assaults since it first came onto the scene back in February 2019 has threatened the affected companies that if they did not comply with their demands by June 14, 2023, they will release the stolen data.
Clop asserted in its message to victims that any individual associated with local or national government or law enforcement agencies were not the target of this threat. Speaking directly to these people, the cybercriminals assured them that they needn't be concerned. They further stated, “we've deleted your data; no need for any interaction from your side. We have no intent to disclose such details”. However, the credibility of this proclamation remains a point of debate.
Victims are encouraged not to pay any ransom demands as there is no guarantee that the hackers will not use the data for secondary attacks and any money paid only encourages more attacks in future.
Swiss Government hit by a series of cyber attacks
On Monday, a significant cyber-attack resulted in disabling a number of Swiss federal agencies' and state-affiliated corporations' websites with the Swiss finance ministry confirming that a cyber-attack had taken place.
The Swiss authorities revealed that in-house security specialists had promptly detected the cyber intrusion. Not only did they identify the threat swiftly, but they were also promptly "implementing corrective actions to reinstate access to the websites and software applications at the earliest."
The attack was identified as a Distributed Denial-of-Service (DDoS) attack, and was claimed by the group known as NoName. This threat group, renowned for its pro-Russian stance, specialises in launching such cyber-attacks. Their main targets traditionally include organisations based in Ukraine and throughout Europe.
Interestingly, this wasn't the first time NoName had claimed responsibility for a similar attack in Switzerland. A few days earlier, on June 7-8, the group had claimed to launch a corresponding attack against the Swiss Parliament, indicating that the alpine nation is in their sights.
New Phishing campaign discovered targeting Twitter and Discord
Cyber security experts have identified a new phishing scheme aimed at compromising Twitter and Discord accounts in order to pilfer cryptocurrency.
Security researchers spotted the activities of a hacker collective known as Pink Drainer. The group has reportedly stolen more than $3 million from over 2000 victims, among which include notable figures like OpenAI CTO Mira Murati.
The manipulation tactics employed by the scammers see them impersonate journalists from reputed platforms like Decrypto and Cointelegraph in an attempt to establish trust with their targets.
According to the researchers the scam often takes between one and three days, culminating in a KYC authentication which incorporates Discord-related phishing in the last step. For instance, they manipulate Discord administrators into opening a malicious Carl verification bot and guiding them to add bookmarks containing harmful code.
This code is engineered to steal the victim's Discord token, giving the hackers access to the user's account. They then proceed to remove other administrators, make themselves the new admin, and engage in "violations" that result in Discord blocking the account.
So far the Pink Drainer collective has successfully scammed 2307 victims and pilfered nearly $3.3 million, including $300,000 from a single individual.
The trend of targeting Discord accounts is on the rise amongst hackers. Last year, cyber researchers unearthed malicious npm packages created to steal Discord tokens and card information.
Russian hackers behind Gloucester Council cyber attack
The Russian linked Conti ransomware gang have been confirmed as the orchestrators of the attack that disrupted Gloucester City Council's IT services in 2021.
Post-investigation, the council stated that while resident information might have been compromised, there's no evidence of it being published online.
Although reports linked the attack to Russian hackers, this is the first official confirmation. The council worked with the National Crime Agency, National Cyber Security Centre, and informed the Information Commissioner's Office to mitigate further risks.
Local councils are often targets for hackers due to the significant amount of sensitive data they hold, such as personal, financial, and property information, coupled with typically lower cyber security measures compared to larger organisations.
