More MOVEit victims revealed, including the US Department of Energy, PwC and EY
European Investment Bank attacked by Killnet as Russian hackers vow to destroy the Western financial system
University of Manchester breach – students and staff sent ransom demands
Investigation exposes that many UK government departments are highly vulnerable to cyber attacks
Alphv/BlackCat ransomware gang claims responsibility for February’s Reddit hack
The number of MOVEit victims continues to grow, with fresh cases coming to light each day. The most recent involve the US Department of Energy and the professional services firms PwC and EY. This is particularly unwelcome news for PwC, which is still striving to restore government trust after an earlier leak of confidential tax details.
With new research suggesting that the Cl0p ransomware group identified the vulnerability and began testing it more than a year ago, additional victims are expected to be disclosed in the weeks and months ahead.
For more than twenty years, large organisations of all kinds have favoured MOVEit for its dependable managed file transfer and its file encryption capabilities. The victims seen so far may therefore be only the tip of the iceberg.
Cl0p has stated that its victim list is substantial but has yet to reveal the full extent of the damage. Nevertheless, what it has divulged so far has been significant enough for the campaign to be treated as a cyber security emergency.
The European Investment Bank (EIB) is the latest victim of Russian hackers, just days after threats to destabilise the Western financial system were made.
A representative from the EIB confirmed that the bank was "currently under a cyber attack", which affected the availability of several of its websites. The attack follows a recent threat by Russian-speaking hackers who vowed to launch cyber attacks on Western financial institutions in retaliation for their support of Ukraine.
The Killnet group, which announced the attacks in advance, stated on Telegram last week that it would "counteract the lunatics according to the mantra 'no money – no weapons – no Kyiv regime'."
The group is primarily known for distributed denial of service (DDoS) attacks, which flood a website with so much traffic that it becomes unavailable to legitimate users.
An EIB spokesperson confirmed that the bank is working to address the attack, adding: "Despite various groups claiming responsibility for this incident, we won't engage in speculation at this stage."
The EIB, owned by the EU member states, is the European Union's development bank and has over €500bn on its balance sheet.
Cyber security experts believe Killnet may be a group of Russian hackers with possible links to the country's authorities.
University of Manchester students and staff have received emails warning them of an impending data leak, purportedly from the hackers responsible for the recent cyber attack.
On 6 June, some of the University of Manchester's systems were accessed by an unauthorised party.
The BBC reports that it has seen an email which serves as a "final warning" of personal data exposure, citing the university's failure to meet the hackers' demands.
The university, home to approximately 40,000 students and 12,000 staff, has said that it is working relentlessly to resolve the issue but has not yet confirmed how many people were affected by the incident.
The email warns students and staff that their personal data will be sold on the black market if the university does not pay a ransom.
A university representative stated: "In the wake of the cyber-incident we reported earlier this month, we're aware that some staff and students have received emails claiming to be from the individuals responsible."
The representative emphasised that all staff and students should exercise caution when opening suspicious or phishing emails and should report them to the university's IT department.
She further mentioned that the university is "working round-the-clock" to "determine what data has been accessed" and is "directing all available resources" towards resolving the issue. She added that anyone affected by the incident would be contacted through official university channels.
The university is collaborating with the Information Commissioner's Office, the North West Organised Crime Unit, and the National Cyber Security Centre in response to the cyber attack.
An investigation by the TaxPayers' Alliance has raised concerns about the cyber security posture of key UK government departments, including those responsible for health, social care and tax collection. According to responses to Freedom of Information (FoI) requests, these departments rely on obsolete software that could leave them susceptible to cyber threats, and "legacy" servers and databases remain in use. Many of these Whitehall systems are so old that they no longer receive support from Microsoft and would require significant expenditure to upgrade or replace.
Only three departments responded to the FoI requests. Data from HM Revenue and Customs (HMRC) revealed a large number of vulnerable servers and databases in use. The Department of Health and Social Care (DHSC) and the UK Atomic Energy Authority were also found to be running outdated software.
The revelations cast doubt on DHSC's ability to respond effectively to major health crises, such as the recent pandemic, given its reliance on antiquated systems. They also raise questions about HMRC's goal of a fully digitised tax system.
A former civil servant and cyber security worker turned Whitehall whistleblower told the Guardian newspaper: "The continuous use of legacy systems in government is completely unjustifiable and disgraceful... The public cannot have faith that their personal data is being safeguarded by the government due to these outdated systems... The vulnerabilities in these systems are publicly known, and off-the-shelf malware is easily accessible. The lack of basic security measures is a cause for concern in light of highly specialized cyber-attacks from skilled hackers in countries like Russia and China. As taxpayers, we are entitled to better."
The Alphv/BlackCat ransomware gang has claimed responsibility for the February 2023 intrusion at the social networking site Reddit, and claims to have stolen 80 gigabytes of data during the attack.
Reddit acknowledged the breach soon after it occurred, describing it as a sophisticated and highly targeted phishing campaign. The attackers reportedly obtained an employee's login credentials and second-factor authentication tokens.
The attackers purportedly gained access to a range of data, including internal documentation, business systems, source code, hundreds of contacts and employee details, and advertiser information. Reddit reassured users, however, that there was no evidence that production systems, user passwords or accounts had been compromised.
Last weekend the Alphv/BlackCat group listed Reddit on its leak site, boasting of the 80GB data theft. The group has demanded a ransom of $4.5 million in return for deleting the stolen data, and is also demanding that Reddit abandon its planned API pricing changes.
Having emerged in November 2021, Alphv/BlackCat operates a Ransomware-as-a-Service (RaaS) model. The group is notorious not only for deploying file-encrypting ransomware but also for additional coercion tactics: data theft and threats of public exposure, Distributed Denial of Service (DDoS) attacks, and harassing the victims' partners, employees and clients.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.
We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
Join us in Dublin or London for the Security First 2022 conference. We'll be bringing together industry professionals and specialist experts to discuss the latest cyber security trends and offer actionable advice on preparing your business to put security first in 2022.