A new joint cybersecurity advisory details the tactics, techniques, and procedures (TTPs) of the BianLian ransomware group, which has hit organizations in multiple critical infrastructure sectors. BianLian's methods have shifted away from encrypting victims' systems toward exfiltrating data and extorting payment under threat of leaking it, so backups alone do not neutralize the group's leverage. The advisory underscores the growing threat that ransomware and extortion crews pose to critical infrastructure and the need for proactive security measures, in particular egress monitoring and controls on bulk data access, to limit the impact of such incidents.
Mikhail Pavlovich Matveev, also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin, a notorious ransomware affiliate, has been arrested in Russia on charges of developing malware and participating in several hacking groups. He had already been indicted by the US Department of Justice and sanctioned by the US Treasury for his role in ransomware attacks. The arrest is significant because of Matveev's prolific malware development and his ties to major ransomware operations.
More than 2,000 Palo Alto Networks firewalls were compromised in a large-scale campaign chaining two PAN-OS vulnerabilities in the management web interface: CVE-2024-0012, an authentication bypass, and CVE-2024-9474, a privilege escalation, which together give an unauthenticated attacker root-level access to the device. Attackers used the chain to deploy malware, including web shells. Devices in the US and India were most affected. Both flaws are only reachable through the management interface, so exposing that interface to the internet was the enabling condition; Palo Alto Networks' guidance is to restrict management access to trusted internal IP addresses, which reduces the issue to an insider or lateral-movement risk even on unpatched devices.
A Chinese commercial vessel, the Yi Peng 3, is suspected of intentionally dragging its anchor across the Baltic seabed, severing two undersea telecommunications cables: one linking Lithuania and Sweden and one linking Finland and Germany. Western officials believe Russia likely orchestrated the incident as an act of sabotage against European infrastructure. The damage disrupted communications and renewed concern about the vulnerability of undersea cables. The ship reportedly dragged its anchor over an extended distance while its transponder was switched off, which investigators regard as pointing to deliberate action rather than an accident.
The Cybersecurity and Infrastructure Security Agency (CISA) has added multiple vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, reflecting continued attacks on widely deployed systems. Recent additions include a remote command execution flaw in Apache HugeGraph-Server (CVE-2024-27348) and a path traversal flaw in the Ivanti Cloud Service Appliance (CVE-2024-8963). Vulnerabilities enter the catalog only once exploitation in the wild has been confirmed, and each entry carries a remediation due date that is binding on US federal civilian agencies; other organizations are urged to treat the catalog as a patching priority list. Attackers routinely scan the internet for the affected products, so exposed instances should be patched or taken offline first.
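The practical use of the catalog is to join it against your own vulnerability findings so that known-exploited, internet-exposed, and overdue items surface first. The script below is an added example, not CISA's or any vendor's code. KEV_SAMPLE is a constructed excerpt in the shape of the real feed (same field names as the published JSON; the due dates are illustrative), SCANNER_FINDINGS is a constructed inventory with a placeholder CVE id to show that non-KEV findings are left to the normal patch cycle, and the chain table encodes only the PAN-OS pairing described above.

```python
"""Prioritise patching by joining scanner findings against CISA's KEV catalog.

Added example, not CISA's or any vendor's code. KEV_SAMPLE is a constructed
excerpt in the shape of the real feed (same field names); its due dates are
illustrative. SCANNER_FINDINGS is a constructed inventory.
"""
import json
import urllib.request
from datetime import date

KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed excerpt of the KEV feed; field names match the published JSON.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2024-0012", "vendorProject": "Palo Alto Networks", "product": "PAN-OS",
         "vulnerabilityName": "PAN-OS Management Interface Authentication Bypass",
         "dateAdded": "2024-11-18", "dueDate": "2024-12-09", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-9474", "vendorProject": "Palo Alto Networks", "product": "PAN-OS",
         "vulnerabilityName": "PAN-OS Management Interface Privilege Escalation",
         "dateAdded": "2024-11-18", "dueDate": "2024-12-09", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-27348", "vendorProject": "Apache", "product": "HugeGraph-Server",
         "vulnerabilityName": "Apache HugeGraph-Server Remote Command Execution",
         "dateAdded": "2024-09-18", "dueDate": "2024-10-09", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-8963", "vendorProject": "Ivanti", "product": "Cloud Services Appliance",
         "vulnerabilityName": "Ivanti Cloud Services Appliance Path Traversal",
         "dateAdded": "2024-09-19", "dueDate": "2024-10-10", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed scanner export: host, whether the vulnerable service faces the
# internet, and the CVE ids the scanner reported. "CVE-0000-00000" is a
# placeholder, not a real id, included to show non-KEV findings being dropped.
SCANNER_FINDINGS = [
    {"host": "fw-edge-01", "exposed": True, "cves": ["CVE-2024-0012", "CVE-2024-9474"]},
    {"host": "graph-db-02", "exposed": False, "cves": ["CVE-2024-27348", "CVE-0000-00000"]},
    {"host": "csa-dmz-01", "exposed": True, "cves": ["CVE-2024-8963"]},
    {"host": "build-srv-07", "exposed": False, "cves": ["CVE-0000-00000"]},
]

# Exploit chains: the PAN-OS intrusions paired the auth bypass with the
# privilege escalation, so a host carrying both is worse than either alone.
CHAINS = {
    frozenset({"CVE-2024-0012", "CVE-2024-9474"}): "unauthenticated root via PAN-OS management interface",
}


def load_kev(feed_text):
    """Index the feed by CVE id."""
    return {v["cveID"]: v for v in json.loads(feed_text)["vulnerabilities"]}


def fetch_kev(url=KEV_URL, timeout=20):
    """Download the live feed (needs network); use KEV_SAMPLE when offline."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def prioritize(kev, findings, today):
    """Rows for every finding that is in KEV, worst first."""
    rows = []
    for asset in findings:
        for cve in asset["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue  # not known-exploited: leave to the normal patch cycle
            due = date.fromisoformat(entry["dueDate"])
            rows.append({
                "host": asset["host"], "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": due, "overdue_days": (today - due).days,
                "exposed": asset["exposed"],
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
            })
    # Internet-exposed first, then most overdue, then known ransomware use.
    rows.sort(key=lambda r: (not r["exposed"], -r["overdue_days"], not r["ransomware"], r["host"], r["cve"]))
    return rows


def chained_hosts(findings):
    """Hosts whose findings cover a complete known exploit chain."""
    hits = []
    for asset in findings:
        have = set(asset["cves"])
        for chain, effect in CHAINS.items():
            if chain <= have:
                hits.append((asset["host"], sorted(chain), effect))
    return hits


if __name__ == "__main__":
    kev = load_kev(KEV_SAMPLE)  # swap in fetch_kev() for the live catalog
    for r in prioritize(kev, SCANNER_FINDINGS, date.today()):
        state = f'{r["overdue_days"]}d overdue' if r["overdue_days"] > 0 else f'due {r["due"]}'
        print(f'{r["host"]:12} {r["cve"]:15} {r["product"]:32} exposed={r["exposed"]!s:5} {state}')
    for host, chain, effect in chained_hosts(SCANNER_FINDINGS):
        print(f"CHAIN {host}: {' + '.join(chain)} -> {effect}")
```

The sort order is a deliberate choice: an exposed device with a brand-new KEV entry outranks an internal one that is weeks overdue, because the exposed one is what the mass scanning mentioned above will find.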
The Russian General Staff Main Intelligence Directorate's (GRU) 161st Specialist Training Center, also known as Unit 29155 or Cadet Blizzard, has been conducting cyberattacks worldwide. The operations have targeted critical infrastructure for espionage, sabotage, and reputational harm. The US government has formally attributed these operations to the unit and is offering a reward of up to $10 million for information leading to the identification or location of its members. The group's activities are a significant concern because they show a willingness to use cyberattacks to destabilize and harm other nations.
Interpol, in collaboration with Afripol, conducted Operation Serengeti, resulting in the arrest of more than 1,000 cybercrime suspects across 19 African countries. The operation targeted ransomware, business email compromise (BEC), digital extortion, and online scams that together affected more than 35,000 victims and caused millions of dollars in financial losses. The scale of the operation highlights the level of cybercrime activity within the region and the need for international cooperation to combat it.
Multiple Chinese state-sponsored Advanced Persistent Threat (APT) groups, including Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant, are conducting cyber espionage and pre-positioning for disruptive operations. They rely heavily on “living off the land” (LOTL) techniques, using built-in operating-system and network-administration tools rather than custom malware so that their activity blends into routine administration, and they favor compromised edge and IoT devices as infrastructure. Volt Typhoon targets US critical infrastructure, including communications, gaining initial access through vulnerable internet-facing appliances such as Fortinet devices and routing its traffic through compromised small-office/home-office routers to obscure its origin. Salt Typhoon targets US telecommunications providers and Internet Service Providers (ISPs), compromising routers and other network devices to collect data. Flax Typhoon has built a botnet of compromised IoT devices for use as operational infrastructure, initially against entities in Taiwan and since expanding globally. Velvet Ant, a lesser-known group, specializes in long-term persistence on network appliances such as F5 BIG-IP load balancers and Cisco Nexus switches, where endpoint security tools have no visibility. These groups pose a serious threat to critical infrastructure and national security, and because there is often no malware to detect, defending against them means logging and reviewing the use of legitimate administrative tools and hardening the edge devices they rely on.