By Ashwani Mishra, Editor-Technology, 63SATS
North Korean hackers are targeting the energy and aerospace sectors with the new MISTPEN malware, global law enforcement has dismantled the ‘Ghost’ encrypted communication platform used for drug trafficking and money laundering, Russian cybersecurity firm Dr.Web has thwarted a targeted cyberattack on its infrastructure, U.S. intelligence agencies warn of a Chinese botnet that has compromised 260,000 devices globally, and Microsoft warns that the Vanilla Tempest ransomware group is targeting U.S. healthcare organizations.
Stay updated on the latest trends and incidents in the global cybersecurity space.
North Korean Hackers Target Energy and Aerospace Sectors with New MISTPEN Malware
A North Korea-linked cyber-espionage group, tracked as UNC2970 by Mandiant, has launched a new malware called MISTPEN targeting energy and aerospace industries. The attack method involves phishing lures disguised as job offers. UNC2970, believed to be connected to the notorious Lazarus Group, is known for infiltrating critical sectors like government, defense, and telecommunications since 2013. The goal remains consistent: collecting strategic intelligence to support North Korea’s objectives. The group operates under the Reconnaissance General Bureau (RGB), North Korea’s intelligence agency.
Global Law Enforcement Dismantles ‘Ghost’ Cybercrime Platform Used for Drug Trafficking and Money Laundering
A global law enforcement operation has successfully dismantled the encrypted communication platform “Ghost,” notorious for its role in enabling large-scale drug trafficking and money laundering. Europol, leading the operation, announced the arrest of 51 individuals across multiple countries, with more arrests expected. The takedown also thwarted several life-threatening plots, seized over €1 million in cash, and led to the discovery of a drug lab in Australia. Ghost had gained popularity among criminal networks for its advanced encryption features, making its dismantling a major victory for law enforcement.
ServiceNow Instances Found Exposing Sensitive Knowledge Base Data, Warns Security Researcher
Over 1,000 ServiceNow instances have been identified as exposing sensitive internal Knowledge Base (KB) data, according to research by SaaS security vendor AppOmni. The exposures are largely attributed to outdated or misconfigured access controls. KB data often contains crucial internal information intended for staff only, making these misconfigurations a significant risk to organizational security. The report emphasizes the importance of regular access control audits to prevent unintentional exposure.
Russian Cybersecurity Firm Dr.Web Thwarts Targeted Cyberattack on Its Infrastructure
Russian cybersecurity company Doctor Web revealed that it successfully defended against a targeted cyberattack on its infrastructure. The attack, detected on September 14, prompted the company to disconnect its systems and perform a thorough security check. The company assured its customers that no Dr.Web-protected users were affected. While the incident temporarily halted the release of its virus database updates, Doctor Web emphasized that the attack was neutralized before any damage could occur.
Chinese Botnet Compromises 260,000 Devices Globally, U.S. Intelligence Agencies Warn
U.S. intelligence agencies have issued a warning about a Chinese botnet that has compromised over 260,000 devices worldwide, including routers, firewalls, NAS, and IoT devices. The botnet, linked to Chinese cyber actors, has been used to launch distributed denial of service (DDoS) attacks and compromise U.S. networks. A coordinated law enforcement operation has disrupted the botnet, preventing further damage. Investigators identified 66 vulnerabilities across various products from major IT and networking companies, highlighting the widespread impact of the campaign.
Microsoft Warns of Vanilla Tempest Ransomware Targeting U.S. Healthcare Organizations
Microsoft has alerted organizations to an increase in ransomware attacks by Vanilla Tempest, a ransomware-as-a-service (RaaS) operation. The group has recently focused on U.S. healthcare organizations, deploying INC Ransom. Vanilla Tempest has previously targeted high-profile companies such as Yamaha Motor Philippines and Scotland’s National Health Service. In May 2024, a hacker attempted to sell the source code for INC Ransom, further raising concerns about the spread of this ransomware strain.