Global Cyber Pulse: 18 September, 2024

September 18, 2024 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

Compass Group hit by a Medusa ransomware attack with nearly 1TB of data at risk, Sibanye-Stillwater confirms a massive data breach, construction firms face brute force attacks on accounting software, a Chinese hacker is indicted for targeting NASA and U.S. military software, Temu denies claims of a data breach involving 87 million records, and Microsoft warns that Russia is targeting Kamala Harris’s campaign with fake videos.

Stay tuned for the latest global cyber security updates and news.

Compass Group Confirms Medusa Ransomware Attack; Nearly 1TB of Data at Risk

Sydney-based Compass Group has confirmed a major ransomware attack by the Medusa ransomware gang, which claims to have stolen nearly a terabyte of data. The attack has exposed personal data, including passports, driver’s licenses, and wage declarations of Compass Group employees. Medusa is demanding $2 million either to delete the data or to let anyone purchase it, and is threatening to publish the stolen data within eight days.

The gang has already released several sensitive documents as proof of the breach. Among the leaked data are personal identification records of contractors and internal company documents. Compass Group is working to assess the full scope of the attack and its implications for affected individuals.

Sibanye-Stillwater Data Breach Exposes Personal Information of 7,258 Employees

Sibanye-Stillwater, a major mining company, has confirmed a data breach that exposed sensitive information of 7,258 employees, including Social Security numbers, passport numbers, bank account details, and medical information. The attack, discovered in July 2024, resulted in significant operational disruptions, but core mining activities remained unaffected.

The breach highlights the growing cybersecurity risks faced by industrial sectors, particularly in safeguarding employee data. The company is actively investigating the breach and has notified affected individuals, offering fraud protection services to mitigate the impact.

Brute Force Attacks Targeting Construction Firms’ Accounting Software

Construction companies across various sub-industries have fallen victim to brute force attacks on their Foundation accounting servers. Cybercriminals are exploiting weak passwords on highly privileged accounts to breach corporate networks, with active incidents reported in plumbing, HVAC, and concrete firms.

Huntress researchers detected these attacks in mid-September 2024, highlighting the need for stronger security measures, particularly in managing privileged account credentials. These breaches demonstrate the growing trend of targeting niche industries with vulnerable accounting systems.

Chinese Hacker Indicted for Targeting NASA and U.S. Military in Software Theft Scheme

The U.S. Department of Justice has indicted Chinese national Song Wu for wire fraud and aggravated identity theft in connection with a spear phishing campaign targeting U.S. government agencies, including NASA and the U.S. military. Wu allegedly aimed to steal critical aerospace software and source code used in advanced military applications, such as missile development.

The phishing campaign also targeted research universities and private aerospace companies, marking a severe threat to U.S. national security. Wu’s actions represent a significant attempt to steal intellectual property vital to U.S. innovation and defense capabilities.

Temu Denies Data Breach After Hacker Claims Theft of 87 Million Records

Temu, a popular e-commerce platform, has denied claims of a data breach after a hacker attempted to sell 87 million customer records on the BreachForums hacking forum. The hacker posted a small sample of the alleged data, which included customer details, but Temu stated that no matches were found after cross-referencing the samples with its internal database.

Temu continues to investigate the legitimacy of the claims and has reassured its customers that their data remains secure. The platform’s denial comes amid growing concerns over cybersecurity in the global e-commerce space.

Russia Targets Kamala Harris Campaign with Fake Videos, Warns Microsoft

Microsoft has revealed that Russian disinformation groups are targeting U.S. Vice President Kamala Harris’s campaign through a series of fake videos. These videos, including one falsely showing Harris in a hit-and-run incident, were spread widely on social media, garnering millions of views.

The disinformation campaign aims to damage Harris’s reputation ahead of the election. Microsoft’s Threat Analysis Center has tracked these activities, confirming that Russian troll farms used social media platforms and fake news websites to amplify the fake videos.