CyberSecurity news

FlagThis - #hellcat

Sam Bent@Sam Bent //
Ascom, a Swiss global solutions provider specializing in healthcare and enterprise communication systems, has confirmed a cyberattack on its IT infrastructure. The attack, suspected to be the work of the Hellcat group, exploited vulnerabilities in the company's Jira servers; Ascom confirmed that the attackers breached its technical ticketing system.

Hellcat claimed responsibility and said it had stolen approximately 44 GB of data, potentially affecting all of Ascom's divisions. The group is known for using compromised credentials to get into Jira instances, an approach that has led to data breaches at several organizations. Security experts advise multi-factor authentication, regular security audits, prompt patching, and employee training to mitigate such attacks.

@securityonline.info //
Two Ransomware-as-a-Service (RaaS) operations, HellCat and Morpheus, are exhibiting striking similarities in their attack methods, according to a recent analysis by SentinelOne. Both groups use nearly identical payloads to encrypt victims' data, relying on the Windows Cryptographic Application Programming Interface (CAPI). Both also direct victims to a .onion portal, reached through the Tor browser with credentials supplied by the attackers, to receive ransom instructions. This overlap in tools and techniques suggests either a collaboration between HellCat and Morpheus or a shared origin.

The shared code base indicates that affiliates across both groups are compiling payloads that contain almost identical code. Apart from victim-specific details, the core functionality of the ransomware is the same: it encrypts file contents while leaving file extensions and metadata intact, and it drops a ransom note instructing victims to connect via the Tor browser. While no direct link between the HellCat and Morpheus operators has been found, the identical code points to a common builder application used by affiliates of both. With ransom demands as high as 32 Bitcoin, approximately $3 million, organizations need threat detection that catches this kind of activity rather than relying on superficial indicators.
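Because these payloads leave the file name, extension and metadata untouched, a sweep for renamed or re-extensioned files sees nothing. The following added example (not SentinelOne's code and not the ransomware's) shows one triage check a responder can run instead: compare each file's leading bytes against the magic number its extension implies, measure the Shannon entropy of the contents, and flag files where the header no longer matches and the body looks like ciphertext. The magic table, thresholds and sample files are assumptions constructed for the example.

```python
"""Flag files whose contents no longer match what their extension promises.

Added example: encrypted-in-place files keep their original name, so the check
looks at the bytes rather than the name. A mismatched magic header together with
near-random entropy is the signature we are after. Sample files are constructed
inline; the magic table is a small illustrative subset (an assumption, extend it
for your own environment).
"""
import math
import os
import random
from collections import Counter
from typing import Dict, List, Optional

# Magic numbers for a few common document/image/archive types (assumed subset).
MAGIC: Dict[str, bytes] = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",   # OOXML documents are ZIP containers
    ".xlsx": b"PK\x03\x04",
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}

ENTROPY_THRESHOLD = 7.5   # bits per byte; properly encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def inspect_file(name: str, data: bytes) -> dict:
    """Classify one file by its name and contents.

    header_ok is True/False when the extension is in MAGIC, None when unknown.
    suspicious requires BOTH a header mismatch and high entropy, so an intact
    compressed file (high entropy, correct header) is not flagged.
    """
    ext = os.path.splitext(name)[1].lower()
    expected: Optional[bytes] = MAGIC.get(ext)
    header_ok: Optional[bool] = None if expected is None else data.startswith(expected)
    entropy = shannon_entropy(data)
    suspicious = header_ok is False and entropy >= ENTROPY_THRESHOLD
    return {"name": name, "ext": ext, "header_ok": header_ok,
            "entropy": round(entropy, 3), "suspicious": suspicious}


def scan(files: Dict[str, bytes]) -> List[str]:
    """Return the names of files judged encrypted in place."""
    return [name for name, data in files.items() if inspect_file(name, data)["suspicious"]]


def _ciphertext_like(n: int, seed: int) -> bytes:
    """Constructed stand-in for encrypted content: deterministic pseudo-random bytes."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# Constructed sample set: two intact files, two files "encrypted in place" that
# kept their original names, and one file with an extension we have no magic for.
SAMPLE_FILES: Dict[str, bytes] = {
    "invoice.pdf": b"%PDF-1.7\n" + b"1 0 obj\n<< /Type /Catalog >>\nendobj\n" * 40,
    "logo.png": MAGIC[".png"] + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 200,
    "contract.docx": _ciphertext_like(4096, seed=1),
    "photo.jpg": _ciphertext_like(4096, seed=2),
    "notes.txt": b"meeting notes\n" * 30,
}

if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(inspect_file(name, data))
    print("encrypted-in-place:", scan(SAMPLE_FILES))
```

Run as-is it reports contract.docx and photo.jpg; the PDF and PNG pass because their headers match, and notes.txt is left undecided because plain-text files have no magic number. Treat the result as triage, not proof: a file whose extension is outside the table, or a payload that encrypts only part of a file and leaves the header intact, will not trip this check, which is why it belongs alongside behavioural detection rather than in place of it.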

References :
  • cyberpress.org: The cybersecurity landscape has witnessed a surge in ransomware activity over the past six months, driven by new actors and the resurgence of established groups. Notably, the emergence of ransomware families like FunkSec, Nitrogen, and Termite has been accompanied by the reappearance of Cl0p and the rollout of LockBit 4.0. Simultaneously, Ransomware-as-a-Service (RaaS) offerings such […]
  • securityonline.info: Over the past six months, ransomware activity has surged, with new operations like HellCat and Morpheus making their
  • www.scworld.com: HellCat, Morpheus RaaS operations leverage similar payloads
  • www.sentinelone.com: SentinelOne's Jim Walter analyses payloads from both the HellCat and Morpheus ransomware operations and shows how affiliates across both operations are compiling payloads that contain almost identical code.
  • Virus Bulletin: SentinelOne's Jim Walter analyses payloads from both the HellCat and Morpheus ransomware operations and shows how affiliates across both operations are compiling payloads that contain almost identical code.
  • Cyber Security News: HellCat and Morpheus Ransomware Using Identical Payloads for Infection
  • securityonline.info: HellCat and Morpheus: Ransomware Affiliates Using Identical Payloads to Escalate Attacks
  • securityonline.info: From Victim Profiles to Data Leaks: Inside the Lynx Ransomware-as-a-Service Ecosystem
Classification:
  • HashTags: #Ransomware #HellCat #Morpheus
  • Attacker: HellCat and Morpheus
  • Feature: RaaS
  • Malware: HellCat and Morpheus Ransomware
  • Type: Ransomware
  • Severity: Major
@www.cybersecurity-insiders.com //
Orange Group has confirmed a data breach affecting its Romanian branch after a hacker known as "Rey," allegedly associated with the HellCat ransomware group, breached its systems. The breach exposed over 380,000 email addresses and other sensitive data belonging to customers, partners, and employees. The attacker claims to have stolen thousands of internal documents after infiltrating the company's infrastructure and demanded a ransom, which Orange refused to pay.

The leaked dataset reportedly includes over 600,000 customer records, employee details, financial documents, and source code. While the breach did not affect Orange's core services, the company acknowledged significant security gaps: the attacker had access to Orange's systems for over a month before exfiltrating the data. The incident follows a similar one reported by Orange Spain just a week earlier, adding to concerns about data security in the telecom sector.

References :
  • Dataconomy: Orange Group data breach: Every step explained
  • The420.in: Orange Group Suffers Data Breach: Hacker Claims Theft of Thousands of Internal Documents
  • www.cybersecurity-insiders.com: Orange Group, a telecom services provider based in France, has confirmed that one of its internal systems at its Romanian branch was breached by a cyber attacker identified as "Rey," an individual reportedly associated with the HellCat ransomware group.
  • bsky.app: French telecommunications and digital services provider Orange confirmed that a hacker breached their systems and stole company data that includes customer, partners, and employee information.
  • CyberInsider: Confirmation of a data breach impacting the French telecommunications and digital service provider Orange Group, following the leak of internal documents, particularly those affecting Orange Romania.
Classification:
  • HashTags: #DataBreach #Ransomware #OrangeGroup
  • Company: Orange
  • Target: Orange Group
  • Product: internal systems
  • Feature: data theft
  • Malware: HellCat
  • Type: DataBreach
  • Severity: Major