TL;DR: New Threat Actors on the Scene (13th and 14th Weeks)

New threat actors have been identified on the ransomware and phishing scene, including the threat actor who has the new and currently fastest encryption binary in the world. A multinational corporation has become a target of a major cyberattack and has been forced to suspend services. Security forces have had a success in a number of crackdowns – against fraudsters, cybercrime store operators, and a significant amount of cryptocurrency has also been seized.

The fastest ransomware

Checkpoint security researchers have released information on the new Rorschach ransomware. The ransomware is unique (it has no overlap with other ransomware families) and its encryption binary encrypted 220,000 files in just four and a half minutes, which is two and a half minutes faster than the Lockbit 3.0 encryption binary, being the fastest so far.

Fake extortionists

A number of organisations in the US have become a target of phishing attacks by a new fake ransomware gang using the name Midnight. The threat actors try to deceive victims that they have successfully stolen the data and demand a ransom for non-disclosure. There are also cases when these fake extortionists have impersonated some well-known ransomware gangs.

Success of security forces

Ukrainian security forces have successfully arrested several members of a gang being behind phishing attacks through which 4.3 million dollars were stolen from victims. In 30 house searches, the police seized a number of technical devices – laptops, mobile phones and SIM cards.

Cyberattack on Western Digital

Western Digital, an international data storage company, has become a target of a large-scale cyberattack. The attack disrupted the operation of several services and resulted in the theft of an unknown amount of data. The attack is under investigation and it is not yet known how long the service disruption will last.

Data breach

A cyberattack on Australian loan giant Latitude Financial Services, led to the data theft of 14 million individuals. The data breach is still under investigation and significantly exceeded the initial assumption of 328,000 individuals being impacted. The attacker obtained the login credentials of one of the employees and the stolen data included, e.g. identification details, driver’s license numbers and passport numbers.


  • In the US, the FBI arrested dozens of people and successfully seized the cybercrime store Genesis Market.
  • The U.S. Department of Justice successfully seized 112 million dollars in cryptocurrency. The funds were linked to gangs running romance scams. The money will be returned to the victims.
  • BleepingComputer security researchers published information about a new ransomware gang named Money Message. The gang specializes in double blackmailing (possessing a decryptor and threatening to sell/leak stolen data).
  • Security researchers at Palo Alto Networks Unit 42 have discovered a new strain of Cylance Ransomware. The ransomware is still under development, targeting both Windows and Linux systems, and has already claimed several victims.
  • A hacker successfully exploited a vulnerability of smart contract function of the SafeMoon crypto-platform and stole nearly nine million dollars.
  • A Japanese multinational Toyota Italy accidentally leaked access to its marketing tools. The access had been public for one-and-a-half years, and its abuse would enable threat actors to launch authentic-looking phishing campaigns on behalf of the company.
  • Telecommunications giant Lumen Technologies announced that it became a target of two cybersecurity incidents (including a ransomware attack). The investigation is still ongoing, but based on the findings so far, the company does not believe the incidents have had or will have adverse impact on its customers or its business, operations or financial results.

« Späť na zoznam