CyberSecurity news
FlagThis - #hellcat
|
Sam Bent@Sam Bent
//
Ascom, a Swiss global solutions provider specializing in healthcare and enterprise communication systems, has confirmed a cyberattack on its IT infrastructure. The attack, suspected to be carried out by the Hellcat group, exploited vulnerabilities in Jira servers. The company revealed that hackers breached its technical ticketing system.
The Hellcat group claimed responsibility, stating they stole approximately 44GB of data potentially impacting all of Ascom's divisions. Hellcat hackers are known for using compromised credentials to infiltrate Jira systems, leading to data breaches in multiple organizations. Security experts advise implementing multi-factor authentication, regular security audits, prompt patching, and employee training to mitigate such attacks.
Share:
References :
Classification:
@securityonline.info
//
Two Ransomware-as-a-Service (RaaS) operations, HellCat and Morpheus, are exhibiting striking similarities in their attack methods, according to a recent analysis by SentinelOne. Both groups have been found to be using nearly identical payloads to encrypt victim’s data, utilizing the Windows Cryptographic Application Programming Interface (CAPI). Furthermore, both direct victims to access .onion portals via the Tor browser and provided credentials to receive ransom instructions. This overlap in tools and techniques suggests a potential collaboration between HellCat and Morpheus or, perhaps, a shared origin.
The shared code base indicates that affiliates across both groups are compiling payloads that contain almost identical code. Despite differences in victim-specific details, the core functionality of the ransomware is the same: it encrypts file contents, leaving extensions and metadata intact, and delivers a ransom note instructing victims to connect via a Tor browser. While no direct link has been found between the HellCat and Morpheus operators, the identical code suggests the possibility of a common builder application used by affiliates. With ransom demands as high as 32 Bitcoin, approximately $3 million, it is vital that businesses and organizations have a strong threat detection system to mitigate these growing threats.
Share:
References :
Classification:
@www.cybersecurity-insiders.com
//
Orange Group has confirmed a data breach affecting its Romanian branch after a hacker, allegedly associated with the HellCat ransomware group and known as "Rey," breached their systems. The breach resulted in the exposure of over 380,000 email addresses and other sensitive data belonging to customers, partners, and employees. The attacker claims to have stolen thousands of internal documents after infiltrating the company’s infrastructure, and demanded a ransom which Orange refused to pay.
The leaked dataset includes over 600,000 customer records, employee details, financial documents, and source code. While the breach did not impact Orange’s core services, the company acknowledges major security gaps were highlighted as attackers had access to Orange’s systems for over a month before exfiltrating the data. This incident follows a similar cyber incident reported by Orange Spain just last week, increasing concerns about data security in the telecom sector.
Share:
References :
Classification:
|