APT29 moves from Government infrastructure towards Cloud Service Providers
APT29, also known as Midnight Blizard or Cozy Bear and associated with Russian Intelligence, appears to have altered its approach from targeting government infrastructure to focusing on cloud service providers. This strategic shift is driven by the increased challenges posed by law enforcement efforts against infiltrations into government systems. Cloud services offer a more lucrative avenue for malicious actors, as compromising them can have far-reaching consequences, such as impacting global supply chains, as seen in incidents like SolarWinds and the recent MoveIT File transfer software breach.
BlackCat Claims Responsibility for Pharmacy Prescription Delays
Following a recent disruption to Change Health’s IT infrastructure, resulting in halted prescription deliveries to numerous pharmacies, the ransomware gang BlackCat, also known as ALPHV, has asserted control over the servers of both Change Health and United Health’s Optum subsidiary. They are demanding $13 million in exchange for decrypting the compromised 6TB data. Mandiant, the cybersecurity arm of Google’s parent company Alphabet Inc., has been engaged to investigate the breach and assist the affected pharmaceutical companies in resolving the situation. Another pharma company Cencora was also impacted in the cyber attack that seems to be of ransomware variant. However, details are awaited and information is out that the breach was identified on February 21st of this year and the same was reported to the SEC in a recent filing.
Cyber Attack on the Royal Canadian Mounted Police
The Royal Canadian Mounted Police (RCMP) has confirmed an ongoing investigation into a cyber incident affecting its computer network, resulting in the RCMP website being inaccessible for the past 24 hours with an HTTP 404 error message. Visitors to the site are being redirected to a nonexistent webpage, indicating a potential cyber-attack rather than a technical error, as initially suspected.
Germany ThyssenKrupp falls prey to a ransomware attack
ThyssenKrupp, a German steel producing company, has reported a ransomware attack targeting its Automotive division at the onset of last week. This breach has disrupted automotive chassis production to some extent, with the full extent of the damage yet to be determined. While investigations are ongoing, suspicions point towards a ransomware-based cyber-attack as the cause of the breach.
Google’s AI Cyber Defense Gains Momentum
Numerous Fortune 500 companies have expressed interest in Google’s latest AI Cyber Defense initiative, aimed at revolutionizing the cybersecurity landscape through the integration of artificial intelligence. This initiative seeks to address the Defender’s Dilemma by proactively enhancing security postures in alignment with evolving threats. Reports indicate that out of 70 prospects, 35 have shown interest in Google’s initiative, with an additional 13 expected to follow suit by May of this year.
