The summary from Private Industry Notification #20200330 by the FBI, issued March 30: Since at least 2016, the FBI has observed an Advanced Persistent Threat (APT) actor conduct a global network exploitation campaign using the Kwampirs Remote Access Trojan (RAT) and is providing additional, non-technical information in an effort to highlight key objectives of...
Zack Whittaker reports: Kimchuk, a medical and military electronics maker, has been hit by data-stealing ransomware, TechCrunch has learned. The Danbury, Conn.-based manufacturer, which builds electronics for medical equipment, telecoms systems and energy grids, also makes nuclear modules for the Navy, work that often requires security clearance. Read more on TechCrunch.
Lawrence Abrams reports that three more ransomware families have adopted the model of using websites to leak victims’ data if they don’t pay extortion demands: Nefilim Ransomware has launched a site called “Corporate Leaks” CLOP Ransomware — the team behind the Maastricht University attack — has also released a leak site called “>_CL0P^_- LEAKS” ...
Dan Goodin reports: Researchers have unearthed an attack campaign that uses previously unseen malware to target Middle Eastern organizations, some of which are in the industrial sector. Researchers with Kaspersky Lab, the security firm that discovered the campaign, have dubbed it WildPressure. Read more on Ars Technica.
REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation