Quick News Bites

Cyber attack targets three more hospitals in Merseyside

Three hospitals in Merseyside—Alder Hey Children’s NHS Foundation Trust, Liverpool Heart and Chest Hospital, and Royal Liverpool University Hospital—were targeted in a cyber attack following a similar incident at Wirral's Arrowe Park Hospital earlier this month.

Alder Hey Trust confirmed the attackers had published screenshots of allegedly stolen data online, though the full extent of the breach remains under investigation. While services were unaffected, the trust said it had secured its systems and warned that data could be released before they had fully assessed the situation.

Meanwhile, Wirral University Teaching Hospital Trust, which declared a major incident on 25 November, is recovering services. The incident has been downgraded to a “business continuity incident,” but patients still face delays, with emergency cases prioritised.

Merseyside Police, the National Crime Agency, and the National Cyber Security Centre are assisting the hospitals in addressing the breach.

Notorious Ransomware group Brain Cipher claims Deloitte UK breach

Brain Cipher, a ransomware group infamous for high-profile attacks, claims to have breached Deloitte UK, allegedly exfiltrating over 1 terabyte of sensitive data from the professional services giant.

Emerging in June 2024, Brain Cipher has rapidly gained notoriety, with past attacks including a crippling breach of Indonesia’s National Data Centre that disrupted over 200 government agencies. In its latest claim, the group accuses Deloitte of critical cybersecurity failures and has threatened to release evidence of compromised data, including contractual agreements, security tool usage, and client information.

Brain Cipher has invited Deloitte representatives to engage in discussions via corporate email, hinting at potential ransom negotiations.

Deloitte has yet to confirm or deny the breach, which could impact its corporate clients, financial records, and reputation. Cybersecurity experts are closely monitoring developments, as the situation raises fresh concerns over the resilience of major firms against sophisticated cyber threats.

Chinese hacking campaign hits dozens of nations, White House confirms

A Chinese hacking group, known as Salt Typhoon, has executed one of the largest intelligence breaches in US history, targeting at least eight major telecommunications firms, including AT&T, Verizon, and Lumen Technologies. This campaign has reportedly given Beijing access to private texts and calls of a "large number" of Americans, a senior White House official has revealed.

US officials have urged Americans to use encrypted messaging apps, such as Signal and WhatsApp, to safeguard their communications. Despite the breach, White House Cybersecurity Adviser Anne Neuberger assured that no classified communications are believed to have been compromised.

The extent of the infiltration remains uncertain, with Jeff Greene from the Cybersecurity and Infrastructure Security Agency stating that it is "impossible to predict" when the hackers will be evicted entirely.

China's embassy in Washington has denied the allegations, accusing the US of cyberattacks and "slander."

Russian hackers target UK Ministry of Defence in cyber breach

The UK Ministry of Defence (MoD) has confirmed a cyber breach exposing passwords and email addresses of nearly 600 employees, with the stolen data leaked onto the dark web. Russian hackers are believed to be responsible, targeting the Defence Gateway portal—a platform used by British military personnel for internal communication, HR services, and health record access.

Although the platform does not store classified information, the breach raises concerns about espionage and blackmail risks. Affected employees include those stationed in Iraq, Qatar, Cyprus, and mainland Europe. Initial investigations suggest hackers exploited vulnerabilities in personal devices, bypassing multi-factor authentication.

Intelligence officials warn this could signal more advanced espionage efforts. "This activity may lead to covert recruitment or blackmail using personal data," an official said.

The MoD, in collaboration with the National Cyber Security Centre, is investigating and addressing the breach, underscoring the rising threat of global cyberattacks on critical infrastructure.

BT Group confirms Black Basta Ransomware breach on conferencing division

BT Group, the UK’s leading telecommunications provider, has confirmed a Black Basta ransomware breach targeting its BT Conferencing business division. While the company stated the attack did not impact its core operations or live services, servers were taken offline as a precautionary measure.

A BT spokesperson clarified, “The incident was restricted to specific elements of the BT Conferencing platform, which were rapidly taken offline and isolated. No other BT Group or customer services have been affected.”

However, the Black Basta ransomware gang claims to have stolen 500GB of sensitive data, including financial records, user details, and confidential documents. The group has threatened to leak the data next week, sharing folder listings and screenshots as proof.

BT is collaborating with regulatory and law enforcement bodies as investigations continue. Black Basta, operational since April 2022, has targeted over 500 organisations globally, amassing over $100 million in ransom payments.

Closing Summary

If you are worried about any of the threats outlined in this bulletin, or need help determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.