CyberSecurity news

FlagThis - #qilin

Titiksha Srivastav@The420.in //
Lee Enterprises, a major American media company with over 75 publications, has confirmed a ransomware attack that has disrupted operations across its network. The notorious Qilin ransomware gang has claimed responsibility for the February 3rd attack, alleging the theft of 350GB of sensitive data. This stolen data purportedly includes investor records, financial arrangements, payments to journalists and publishers, funding for tailored news stories, and even approaches to obtaining insider information. The cyberattack has resulted in widespread outages, significantly impacting the distribution of printed newspapers, subscription services, and internal business operations.

The attack has caused delays in the distribution of print publications and has partially limited online operations. Lee Enterprises anticipates a phased recovery over the next several weeks and has implemented temporary measures, including manual processing of transactions. The company has also launched a forensic investigation to determine the full extent of the breach. The Qilin ransomware group's actions have brought attention to the increasing threat facing media organizations and the importance of robust cybersecurity measures to protect sensitive information and maintain operational integrity.

References :
  • securityaffairs.com: SecurityAffairs: Qilin ransomware gang claimed responsibility for the Lee Enterprises attack
  • www.cysecurity.news: CySecurity News: Lee Enterprises Faces Prolonged Ransomware Attack Disrupting Newspaper Operations
  • The420.in: The420.in: American Media Group Hit by Cyber Attack, 75 Newspapers Disrupted & Informers’ Data Leaked
  • bsky.app: The Qilin ransomware gang has claimed responsibility for the attack at Lee Enterprises that disrupted operations on February 3, leaking samples of data they claim was stolen from the company.
  • Information Security Buzz: Qilin Claims Lee Enterprises Ransomware Attack
  • securityaffairs.com: The Qilin ransomware group claimed responsibility for the recent cyberattack on Lee Enterprises, which impacted dozens of local newspapers. Lee Enterprises, Inc. is a publicly traded American media company. It publishes 79 newspapers in 25 states, and more than
  • CyberInsider: Reports that Qilin ransomware gang claimed responsibility for Lee Enterprises attack, threatens to leak stolen data
  • www.cysecurity.news: reports on Ransomware
  • Zack Whittaker: Lee Enterprises is still experiencing disruption and outages after a ransomware attack.
  • Metacurity: UK ICO launches children's social media privacy probe, Qilin claims attack on Lee Enterprises, Polish Space Agency breached, Cellebrite zero days used to hack Serbian student's phone, Man sentenced to 24 years for putting CSAM on dark web, Canceled CFPB contracts threaten data security, much more
  • Konstantin :C_H:: Qilin claims attack on Lee Enterprises,
  • The420.in: Qilin ransomware group claimed responsibility for the Lee Enterprises attack.
  • Kim Zetter: Reports Qilin claims attack on Lee Enterprises
  • BleepingComputer: Qilin claiming responsibility for the cyberattack on Lee Enterprises.
  • BleepingComputer: Qilin Ransomware Gang Claims Lee Enterprises Attack
  • DataBreaches.Net: Japanese cancer hospital confirms breach; Qilin gang claims responsibility
  • The Register - Security: Qilin ransomware gang claims attacks on cancer clinic, OB-GYN facility
  • www.cysecurity.news: Qilin Ransomware Outfit Claims Credit for Lee Enterprises Breach
  • www.scworld.com: The ransomware group Qilin has taken credit for the cyberattack on Lee Enterprises.
Classification:
  • HashTags: #ransomware #cyberattack #media
  • Company: Lee Enterprises
  • Target: Lee Enterprises
  • Attacker: Qilin
  • Product: web servers
  • Feature: ransomware attack
  • Malware: Qilin
  • Type: Ransomware
  • Severity: Major
Sergiu Gatlan@BleepingComputer //
Microsoft has identified a North Korean hacking group known as Moonstone Sleet, previously tracked as Storm-1789, deploying Qilin ransomware in limited attacks. This represents a shift for the group, as they have historically used custom-built ransomware. The adoption of Qilin ransomware signifies a move towards Ransomware-as-a-Service (RaaS), where they utilize ransomware developed by external operators rather than relying solely on their own tools.

Moonstone Sleet's move to RaaS marks a new era in cyber threats, primarily driven by financial motivations, a departure from previous espionage-focused operations. They have been observed demanding ransoms as high as $6.6 million in Bitcoin. The group has also been known to use creative tactics, including fake companies, trojanized software, and even a malicious game to infiltrate targets, showcasing their adaptability and resourcefulness.

References :
  • gbhackers.com: North Korean Moonstone Sleet Uses Creative Tactics to Deploy Custom Ransomware
  • The DefendOps Diaries: Moonstone Sleet's Shift to Ransomware-as-a-Service: A New Era in Cyber Threats
  • BleepingComputer: Microsoft: North Korean hackers join Qilin ransomware gang
  • Cyber Security News: North Korean Moonstone Sleet Deploys Custom Ransomware with Creative Tactics
Classification: