First is the news about Hive ransomware targeting the New York Racing Association (NYRA) on 30 June this year, which disrupted IT services, including the website. Notably, the records accessed by the threat actors include health information, health insurance records, Social Security numbers, and driver's license numbers of customers. NYRA does not intend to entertain the hackers' ransom demands and says it will rebuild the locked-up database using the data continuity plan it already has in place.
Second is the news about the SparklingGoblin threat group from China, which has devised a Linux variant of the SideWalk backdoor, a tool used to compromise Windows devices. The group has also been identified as Earth Baku and is linked to the APT41 cyberespionage group.
Third, on the malware front, VMware and Microsoft have jointly issued a warning about ChromeLoader malware, which has evolved into a major threat in recent times. Hackers are using this malware to hijack browsers for advertising and affiliate fraud.
Fourth is the news about Lorenz ransomware, which has been seen exploiting a critical vulnerability in Mitel MiVoice VoIP appliances to infiltrate corporate networks via phone lines. The security firm Arctic Wolf Labs was the first to detect this spreading tactic, which is now attributed to the Lorenz gang. Mitel acknowledged the vulnerability some time ago and released security patches in June this year.
Fifth is the news about TeamTNT, which was thought to have been defunct since November 2021. Security researchers from AquaSec have found that the hacking group is back in action and has started spreading malware that uses the computational power of targeted servers to run Bitcoin encryption solvers.
Last is the news about the Russia-Ukraine war. A team of experts from Recorded Future has discovered that the Russian hacking group Sandworm has strategically dropped eavesdropping malware on some Ukrainian telecom providers to gather intelligence.
Sandworm, which the US government links to Russia's GRU military intelligence, has conducted many cyber-attacks on Ukraine's critical infrastructure, including the botnet campaign dubbed 'Cyclops Blink'.
Having failed to take down that infrastructure, it may have devised new malware that was somehow installed on the telecommunications infrastructure of firms serving the Ukrainian populace. The aim appears to be eavesdropping on conversations and gathering information that could later be used to advance its war against Kyiv.