Phishing attacks are a common form of social engineering, frequently targeting global organizations. To ensure anti-phishing protection for your systems, follow this week’s major hacking news and stay a step ahead of the adversaries.
Cyberattack Hits Ukrainian Radio Operator TAVR Media
A cyberattack recently targeted the Ukrainian radio operator TAVR Media, which led to the circulation of a fake broadcast message that President Volodymyr Zelenskyy was ill. The attackers spread the news that Volodymyr Zelenskyy was unwell and in intensive care and that his duties were being performed by Ruslan Stefanchuk (the Chairman of the Verkhovna Rada).
TAVR Media operates nine radio stations, including Hit FM, KISS FM, Radio ROKS, Radio RELAX, Nashe Radio, Melody FM, Radio JAZZ, Radio Bayraktar, and Classic Radio. The operator informed people via Facebook that the attack brought down its networks and servers. Further, it clarified that none of the information about Ukrainian President Volodymyr Zelenskyy’s health problems is true. TAVR Media is now taking phishing attack prevention measures to stop the attack’s spread. This fake broadcast also prompted the President to use Instagram and let everyone know he is feeling healthy.
Cyberattack Hits Knauf Group
A cyberattack recently targeted the Knauf Group, disrupting its business operations and forcing its global IT team to briefly shut down all IT systems to contain the attack’s spread. The attack happened on 29th June 2022, and Knauf quickly adopted phishing protection measures. The group apologized to its customers and partners for any inconvenience caused and requested their patience in case deliveries were a little delayed.
Cybersecurity experts noted that Knauf Group’s email system was down as part of the attack response procedure. However, its Microsoft Teams and mobile phones were working fine. Knauf Group is a renowned German construction materials producer. While it did not mention the type of attack, the prolonged time it took to recover from the attack suggests that it could have been a ransomware attack.
Days after the attack, the ransomware gang Black Basta claimed responsibility for the Knauf attack on its extortion site. As proof of the attack, Black Basta posted 20% of the files stolen from Knauf, which equates to the data of around 350 visitors.
Cyberattack Shuts Down Albanian Government Systems
A massive cyberattack from abroad recently targeted the Albanian government and shut down its systems. The cyberattack targeted the National Agency for Information Society (AKSHI) servers responsible for handling many government services. In a statement following the attack, AKSHI mentioned that it had to shut down its systems until the enemy attacks had been neutralized. This is the first time such a major attack has targeted Albania, and to contain its spread, AKSHI had to shut down all of its systems and services.
Since servers affected by the attack handled most desk services, several services remained interrupted. However, a few important services, like the online tax filing system, were working fine because servers unaffected by the breach were handling them. The Microsoft Jones Group International team assists AKSHI in ensuring protection from phishing attacks and restoring its systems.
Ransomware Hits Narragansett Bay Commission
A ransomware attack recently targeted the Narragansett Bay Commission, which runs sewer systems in the Providence and Blackstone Valley areas. In an email to The Providence Journal, a spokeswoman for the commission confirmed that the attack occurred. While the spokesperson didn’t mention the attack type, it could be a ransomware attack, because data on certain systems and computers was reportedly encrypted.
The commission declined to respond to a follow-up email asking whether it paid a ransom. However, the spokesperson did mention that the attacked systems were not in charge of controlling the sewage system’s operations. Therefore, the collection of waste and its treatment continues uninterrupted.
As part of its measures to ensure protection against phishing, the Narragansett Bay Commission contacted law enforcement immediately. So far, it’s unclear whether customer information was accessed during this attack. If anyone’s PII (Personally Identifiable Information) is found to have been compromised because of this attack, then the commission will immediately provide notice to such individuals. Fortunately, the Narragansett Bay Commission never stores customers’ social security numbers or payment information.
Beware of North Korean Ransomware Holy Ghost
A new ransomware group has been in operation for over a year. Known as “Holy Ghost,” this ransomware linked to North Korean hackers primarily targets small businesses across different countries. The first payload of Holy Ghost (DEV-0530) was seen in June 2021. Its earlier version, SiennaPurple (BTLC_C[.]exe), lacked many new features introduced in October 2021.
The latest versions of Holy Ghost include the HolyLocker[.]exe, BTLC[.]exe, and HolyRS[.]exe payloads, and they were used in the latest campaigns. Over time, these variants have evolved to include more encryption options, internet/intranet support, public key management, and string obfuscation. The ransomware group’s main targets include banks, schools, event and meeting planning entities, and manufacturing organizations. The threat actors usually demand 1.2 – 5 BTC for each attack.
The uncovering of the Holy Ghost ransomware after a year is proof of the effort adversaries make to keep their operations hidden and smooth. Therefore, it is advised that organizations take measures to protect themselves from phishing and come forward collaboratively to help mitigate such attacks.
Cyberattack Hits Lithuanian Ad Website alio.lt
A cyberattack recently targeted the Lithuanian ad website alio.lt, compromising the data belonging to thousands of customers. From the looks of it, experts suspect that this could have been another Russian attack on Lithuania’s online space. Since most business entities fail to resist such attacks, this kind of attack has increased rapidly.
An alio.lt spokesperson said that the company is trying its best to protect users and has already implemented its legal action plan. The adversaries attempted to extract the data of over 345,000 users. While the exact quantity of data extracted remains uncertain, alio.lt is taking all anti-phishing measures. It has contacted the Computer Emergency Response Team, the State Data Protection Inspectorate, and the police about the incident. Fortunately, the portal doesn’t store sensitive customer details such as payment card or bank account details, home addresses, or personal ID codes.
Data Breach at Cleartrip
The Indian travel-booking platform Cleartrip recently confirmed that it had undergone a data breach. The adversaries claim to have posted the stolen data on the dark web. Cleartrip mentioned that after detecting some suspicious activities in its internal systems, it is now taking legal action against the adversaries. The company’s information security team is investigating the incident with the cooperation of an external forensics partner and taking necessary phishing prevention measures.
So far, it is unknown whether the data stolen was sensitive, but as per reports, the attackers are already selling this information on a private, invite-only forum in the dark market. From the look of the data on sale, the hackers stole all of Cleartrip’s data, including files with revenues, customer details, GST filings, etc. The nature of the stolen data also hints at the involvement of an insider in the breach.
The stolen information includes data from June 2022, indicating that the hack is fairly recent. As part of its measures for protection from phishing, Cleartrip started informing users of the breach, albeit without disclosing the specifics of the incident. It assured users that no sensitive details were compromised and advised them to change their account passwords for added security.
Altahrea Team Claims Ownership of Attack on Israel’s Health Ministry Website
Pro-Iranian hackers based in Iraq, called the Altahrea Team, have recently claimed ownership of the attack on Israel’s Health Ministry website. The cyberattack on the Health Ministry website disrupted communication with users abroad. Consequently, while the website worked fine for the local Israelis, those trying to access it from abroad couldn’t do so. The ministry was dealing with the incident internally, but eventually, the Altahrea group took to its Telegram channel to claim responsibility for this attack.
It mentioned that (among other reasons) the attack was conducted because Israel bombed the Gaza Strip recently and put sanctions on Iran, which is purportedly killing thousands. Further, the group justified the attack by saying that this marks an act of support for Ukraine amidst the ongoing war.