CyberSecurity updates
Updated: 2024-10-22 03:24:38 Pacific


MalBot @ Malware Analysis, News and Indicators
Akira Ransomware Continuously Evolving and Targeting Vulnerable Systems - 7h

Akira ransomware, a prominent threat actor, is continuously evolving its tactics and targeting vulnerable systems, particularly network appliances. Their latest ransomware encryptor targets both Windows and Linux hosts. Akira affiliates have been exploiting vulnerabilities in SonicWall SonicOS, Cisco ASA/FTD, and FortiClientEMS for initial access, followed by credential harvesting, privilege escalation, and lateral movement. The group’s recent shift back to encryption methods, coupled with data theft extortion, emphasizes their focus on stability and efficiency in affiliate operations.

MalBot @ Malware Analysis, News and Indicators
Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant - 3d

The Russian-speaking threat actor group UAT-5647, also known as RomCom, has been observed targeting Ukrainian government entities and unknown Polish entities since late 2023. The group has expanded its arsenal to include four distinct malware families: RustClaw and MeltingClaw (downloaders), DustyHammock (Rust-based backdoor), and ShadyHammock (C++-based backdoor). UAT-5647’s attacks are likely a two-pronged strategy of establishing long-term access for espionage and potentially pivoting to ransomware deployment to disrupt and gain financially from the compromise.

ciso2ciso.com
Cisco Data Breach: IntelBroker Compromises Systems, Potentially Affecting Microsoft, Barclays, and SAP Developer Data - 6d

Cisco experienced a significant data breach, allegedly perpetrated by the IntelBroker hacking group. The breach, which occurred on Thursday, exposed sensitive information of Cisco’s customers, including Microsoft, Barclays, and SAP developer data. The stolen data, which is being sold on the dark web, includes confidential information and could potentially compromise systems and accounts. This incident highlights the growing threat of data breaches and the importance of robust security measures for organizations, especially those handling sensitive information.


This site is an experimental news aggregator using feeds I personally follow. You can reach me using contacts documented at my website here (https://royans.net/) if you have feedback. You can also find Flathis at Mastodon.