TL;DR: Chinese hackers’ espionage operation and medical data leak (Week 18)

Russian payment service QIWI was the target of a ransomware attack and data theft, and the stolen data was subsequently made public. Security researchers uncovered a large-scale spying campaign, and Google will allow some data to be removed from search results on request.

Chinese APT espionage campaign

Cybereason security researchers uncovered an operation by the Chinese APT group Winnti. The operation had been running since 2019 and targeted technology and manufacturing firms in East Asia, Western Europe and the US. The attack aimed to steal intellectual property, including sensitive documents, production plans, diagrams, formulas and proprietary data related to manufacturing. The attackers also stole data usable for other attacks, including user account data, employee emails and customer data.

New options to increase privacy

Google will allow users to remove sensitive data from search results upon request. The data that can be removed includes, for example, health data, bank account details, contact information such as home address, phone number and email address, and images of ID cards.

Medical data and photo leaks

The US breast cancer charity Breastcancer.org maintained data in an unsecured database. The 150 GB of freely accessible data included, among other things, nude photographs of female patients taken for medical purposes and medical test results. In addition, the photo metadata included camera information and the geolocation of where the photos were taken. Whether cybercriminals obtained the database before the disclosure has not yet been confirmed.

Ransomware attack and data leak of a Russian company

Russia’s largest payment service QIWI has been the target of a ransomware attack and data theft. The cybercriminal group Network Battalion 65 claimed responsibility for the attack and said that, in addition to destroying backups and encrypting servers, they managed to exfiltrate QIWI clients’ payment card data. They planned to release payment card data at a rate of 1 million per day if QIWI representatives did not communicate. The company denied the cyberattack, and the cybercriminals published data for 7 million payment cards at once.

Phishing attack from 2018

The U.S. Department of Defense announced that it was the target of a phishing attack leading to a $23.5 million loss back in September 2018. The attacker responsible for the attack pleaded guilty in court in January 2020 to conspiracy, bank fraud and money laundering. He is due to be sentenced this summer to a term that could be as long as 30 years in prison and a fine of $1 million, or twice the gross profit from the loss resulting from his crimes.

IN SHORT:

  • International car rental network Sixt has been the target of a cyberattack. The company reports that the attack was quickly detected, with minimal consequences and only affecting care centres and selected branches,
  • The cybercrime group Killnet has carried out DDoS attacks on organisations in several European countries in recent weeks,
  • Security researchers at Check Point have published a study showing that paying a ransom after a ransomware attack is approximately 15% of the cost of restoring infrastructure without decryption keys,
  • A group going by the name Anonymous released more than 285,000 classified emails belonging to the police of the island nation of Nauru in Micronesia.
