Bits ‘n Pieces, Part 2: Some Non-U.S. Incidents (updated)
The Czech Republic
Institut plánování a rozvoje hl. m. Prahy (IPR) (the Institute of Planning and Development of the Capital The City of Prague (IPR) reported (machine translation) that it had been infected with a crypto miner virus which used the computing capacity of the institute for crypto currency mining. For preventive reasons, it was necessary to cut off IPR completely from the Internet and disconnect all IPR network services.
Intensive cleaning measures and preparations for the restoration of all systems are underway. The relaunch should take place in the second half of this week.
La Opinion reports that data from four sites in Argentina were offered for sale and then dumped on a popular clearnet forum where data are often sold or shared.
Data from more than 12,500 users who are registered on the Municipality of San Pedro (sanpedro.gov.ar) web site were stolen, and when there were no buyers, just dumped on the forum. The person who alerted La Opinion noted:
“The information is true and corresponds to the Municipality,” he explained. It is the data of 12,566 users with their e-mails, the access keys to the Municipality’s platform and other fiscal data of those who are registered there: taxpayers, common neighbors, suppliers, etc.
The full forum listing included data allegedly from four entities:
- sanpedro.gov.ar, Municipalidad de San Pedro (City of San Pedro)
- jus.mendoza.gov.ar, Poder Judicial de Mendoza (Judicial Power of the City of Mendoza)
- iosep.gov.ar, Instituto de Obra Social del Empleado Provincial (Institute of Social Work of the Provincial Employee)
- hcdsannicolas.gov.ar, Honorable Concejo Deliberante de San Nicolás (Honorable Deliberative Council of the City of San Nicolás)
Correio Braziliense reports that the website of the Prefeitura de Águas Lindas de Goiás (City Hall of Águas Lindas de Goiás) suffered a cyberattack. All services through the platform were suspended other than the COVID-19 scheduler for vaccinations.
A notice was also posted to the city hall’s Facebook page.
BauernZeitung reports that Austria’s third largest dairy, SalzburgMilch, was the victim of a cyberattack on Wednesday evening.
In May, the Ehrmann SE dairy in Germany suffered a ransomware attack. It is not known if the same threat actors were involved in the SalzburgMilch incident, but this latest incident is described as significant in its impact (machine translation):
The perpetrators apparently changed all passwords on Tuesday evening, resulting in a total breakdown of the IT systems. Orders were no longer possible as a result. Experts are working flat out to repair the damage.
The dairy has not made any statements about any ransom demand or whether it is negotiating or would be willing to negotiate any ransom.
Update: The SalzburgMilch attack was subsequently added to Pay or Grief’s dedicated leak site on June 28, but as of July 1, no data dump has been made publicly available.
Reporting by Chum1ng0, editing by Dissent