
North Korea’s Innovative Laptop Farm Scam Alarms Cybersecurity Experts

 


Software engineers secretly working on behalf of North Korea have infiltrated major U.S. companies, including Fortune 500 firms, by posing as American developers and drawing salaries from them. A coordinated investigation by the U.S. Treasury Department, the State Department and the FBI has confirmed the scheme. The deception has run for several years and has allowed North Korea to generate hundreds of millions of dollars in revenue every year.

These operatives, embedded within legitimate remote workforces, have reportedly been sending their earnings back to Pyongyang to finance its prohibited weapons of mass destruction and ballistic missile programs. National security officials and cybersecurity experts alike are alarmed by the scale and sophistication of the operation: it amounts to a large-scale manipulation of the global digital economy to fund a sanctioned regime's military ambitions.

A recent report from Google's Mandiant division details one such operative who pursued employment in especially sensitive sectors, including U.S. defence contractors and government agencies. According to investigators, the individual deceived recruiters with fabricated references, cultivated trust with them, and maintained alternate online personas to reinforce the legitimacy of the cover identity.

The case illustrates a broader and persistent threat that Western organisations have faced for years: unwittingly hiring North Koreans under false identities as freelancers or remote workers. Once embedded, sometimes deep within corporate infrastructure, these operatives have been implicated in a range of malicious activity, including intellectual property theft, extortion, and the planting of backdoors that can be exploited later.

Beyond the illicit earnings from these operations, North Korea also raises revenue through forced labour in Chinese factories, cigarette smuggling, and a high-profile cryptocurrency heist, all of which feed its strategic weapons programs. U.S. authorities have accordingly stepped up efforts to dismantle the infrastructure behind the schemes, raiding laptop farms, issuing sanctions, and indicting those involved.

Mandiant researchers note that North Korean IT-worker activity is expanding into Europe, a sign that both the scope and scale of the threat have grown considerably in recent years, although U.S.-based companies remain the primary targets. The operatives have long exploited platforms such as Upwork and Freelancer, posing as highly skilled developers in fields such as blockchain, artificial intelligence, and web development to gain access to sensitive corporate environments.

Collecting wages from Western companies is only one of the motives. Once inside corporate networks, operatives have accessed and exfiltrated sensitive internal data, including proprietary business information, intellectual property, and confidential communications. This activity has been linked both to financial gain through ransomware operations and to state-sponsored espionage objectives.

In several confirmed incidents, North Korean employees were caught covertly downloading internal company files and sending them abroad to unauthorised locations, exposing the organisation to serious breaches and potential financial liability. Ryan Goldberg, an incident response manager at the cybersecurity firm Sygnia, has described the scale and sophistication of these operations.

Analysing a laptop seized from one such operative, Goldberg found advanced surveillance tools suited to infiltrating remote-work environments, as reported by The Wall Street Journal. The tooling allowed Zoom meetings to be monitored live and sensitive data to be pulled silently from the employer's systems. Goldberg said several aspects of how the remote-control tooling was used were things he had never seen before.

The case shows how the threat landscape has evolved: traditional cyber defences are no longer adequate against adversaries who combine human access, social engineering, and stealthy digital surveillance. According to FBI officials and cybersecurity researchers, North Korea's remote-work scam is not a disorganised effort but a meticulously coordinated operation, with specialised teams assigned to different stages of the scheme.

Dedicated units reportedly guide North Korean IT operatives through every phase of the recruitment process, using artificial intelligence tools to craft convincing résumés and to generate polished answers for technical interviews. Within these groups, operatives work systematically to embed themselves in legitimate companies, focusing on roles in software development, IT infrastructure, and blockchain technology.

Law enforcement agencies have issued public warnings about the scam over the past few years, but analysts, including Barnhart, the intelligence chief at DTEX Systems, have observed a disturbing evolution. As scrutiny has increased, some of these IT workers have begun attempting to extort their employers, or have handed their credentials to North Korean hacking groups.

Once those hacking groups gain access to a system, they can deploy malware, steal sensitive data, and carry out large-scale cryptocurrency thefts. As Barnhart emphasised, the scam is not isolated fraud but part of a broader national strategy, directly linked to state-sponsored hacking groups, digital financial crime, and the funding of North Korea's nuclear and ballistic missile programs.

Many of these IT workers are reportedly housed in call-centre-style compounds in Southeast Asia and parts of China. They operate under strict surveillance and intense pressure, with monthly financial quotas, initially around $5,000 per person, of which only a small share, sometimes as little as $200, may be kept for personal use. Those who miss their targets reportedly face physical punishment or fear being sent back to North Korea.

According to Barnhart, these quotas have risen sharply in recent months, with many workers now required to bring in as much as $20,000 a month by any means available, whether legitimate freelance work or illegal cyber operations such as crypto scams. Investigators who reviewed the workers' internal communications found a high-pressure environment.

Workers routinely compare earnings, trade tactics, and strategise about how to raise their monthly income to meet the regime's demands. They frequently share apartments with up to ten others, collectively hold dozens of jobs at once, and can draw more than 70 separate paychecks a month under different aliases, often from the same apartment.

Given the industrial scale and aggressive nature of the operation, cybersecurity officials worldwide have voiced concern about the growing threat posed by North Korea's hybrid cyber-economic campaigns. With North Korea using its IT workforce as an infiltration vector, industry leaders and security professionals are urging businesses to adopt far more stringent identity verification and internal monitoring of employees.

Traditional background checks and identity verification are failing against state-sponsored deception campaigns that use artificial intelligence and social engineering at scale. To defend against this evolving threat, organisations in critical infrastructure, finance, defence, and emerging technologies should adopt proactive measures such as behavioural analytics, continuous access audits, and zero-trust security models.

Technical controls alone are not enough: every department, from human resources to information technology, needs a culture of cybersecurity awareness. The North Korean laptop farm scheme is a stark reminder that geopolitical adversaries can bypass sanctions, fund hostile programs, and compromise sensitive systems from within by exploiting the digital workforce.

Meeting this challenge calls not only for vigilance but for a coordinated global response, one that combines policy enforcement, international intelligence sharing, and private sector innovation to counter the next wave of attacks.

TCS Investigates Possible Link to M&S Cyberattack

 

Tata Consultancy Services (TCS), a leading Indian IT services firm under the Tata Group umbrella, is reportedly investigating whether its systems played any role in the recent ransomware attack that disrupted operations at British retail giant Marks & Spencer (M&S). 

The cyberattack, which occurred in late April 2025, was initially described by M&S as a “cyber incident.” Subsequent reports confirmed it to be a ransomware attack that severely affected both in-store and online operations. Key services such as contactless payments and Click and Collect were disabled, and online orders came to a standstill.

Several internal systems were reportedly taken offline as a containment measure. The prolonged disruption, lasting several weeks, had a significant impact on M&S’s business. The company’s market capitalization is estimated to have dropped by £1 billion, and there are allegations that customer data may have been compromised in the breach. 

As M&S continues its recovery, TCS is conducting an internal investigation to determine whether any part of its infrastructure was involved in the incident. TCS has long been a key technology partner for M&S, which adds urgency to the review. The attack has also renewed attention on defensive tooling.

Password managers such as Keeper Security, built on zero-knowledge encryption and offering digital vaults, two-factor authentication, secure file storage, dark web monitoring, and real-time breach alerts, are among the tools organisations are turning to against threats like ransomware.

MathWorks Hit by Ransomware Attack Affecting Over 5 Million Clients

 

MathWorks, developer of the MATLAB programming language and numeric computing environment, has reported a ransomware attack on its IT systems.

The Massachusetts-based company, which first reported problems on May 18, told users in an update that it had been hit by a ransomware attack that took down online services and internal systems used by employees.

“We have notified federal law enforcement of this matter,” the company noted. “We have brought many of these systems back online and are continuing to bring other systems back online with the assistance of cybersecurity experts.” 

MathWorks has millions of users, including engineers and scientists who use MATLAB for data analysis, calculation, and other purposes. MATLAB and other MathWorks products are utilised by nearly 6,500 colleges and universities, according to the company.

The firm has 6,500 employees and over 30 offices in Europe, Asia, and North America. This issue affected several MATLAB services as well as parts of the MathWorks website, such as the job page, cloud centre, store, and file exchange. MATLAB Online and MATLAB Mobile were restored on Friday.

MathWorks stated in a Tuesday update that the issue was still being investigated. Several pages on the MathWorks website are still offline. The firm did not immediately respond to a request for comment. 

Verizon's data breach report, released last month, found that ransomware was involved in nearly half of the 12,195 confirmed data breaches in 2024. The researchers found that 64% of ransomware victims did not pay, up from 50% two years earlier, and that the typical payment to ransomware groups fell to $115,000, down from $150,000 the year before.

“This could be partially responsible for the declining ransom amounts. Ransomware is also disproportionately affecting small organizations,” the researchers noted. “In larger organizations, ransomware is a component of 39% of breaches, while small and medium-sized businesses experienced ransomware-related breaches to the tune of 88% overall.” 

The number of large ransoms paid has also fallen: Verizon estimates that 95% of ransoms paid in 2024 were under $3 million, a significant drop from the $9.9 million figure recorded in 2023.

FBI Warns of Silent Ransom Group Using Phishing and Vishing to Target U.S. Law Firms

 

The FBI has issued a warning about a sophisticated cybercriminal group known as the Silent Ransom Group (SRG), also tracked under aliases such as Luna Moth, Chatty Spider, and UNC3753. The group has been actively targeting U.S.-based law firms and related organisations through advanced phishing and social engineering. Operational since 2022, it uses deceptive communication to gain unauthorised access to corporate systems and steal sensitive legal data for ransom. In the past, SRG's activities spanned industries such as healthcare and insurance.

However, since the spring of 2023, its focus has shifted to legal entities, likely because of the highly confidential nature of the data managed by law firms. The group commonly uses a method called callback phishing, also known as reverse vishing. In this approach, victims receive emails that appear to originate from reputable companies and warn them of small charges for fake subscriptions. The emails prompt users to call a phone number to cancel the subscription. During these calls, victims are instructed to download remote access software under the guise of resolving the issue. Once the software is installed, SRG gains control of the victim’s device, searches for valuable data, and uses it to demand ransom.  

Since March 2025, SRG has adapted its strategy to include voice phishing, or vishing. In this approach the attackers call employees directly, posing as internal IT staff, and try to convince their targets to join remote access sessions, often under the pretext of necessary overnight maintenance. Once inside, the attackers move quickly to locate and exfiltrate data using tools such as WinSCP or a disguised copy of Rclone. Notably, SRG does not bother escalating privileges, focusing instead on immediate data theft. The FBI noted that these vishing calls have already produced multiple successful breaches.

SRG reportedly continues to apply pressure during ransom negotiations by making follow-up calls to victim organizations. While the group does maintain a public site for releasing stolen data, its use of this platform is inconsistent, and it does not always follow through on threats to leak information. A significant concern surrounding these attacks is the difficulty in detection. SRG uses legitimate system management and remote access tools, which are often overlooked by traditional antivirus software. The FBI advises organizations to remain vigilant, particularly if there are unexplained downloads of programs such as AnyDesk, Zoho Assist, or Splashtop, or if staff receive unexpected calls from alleged IT personnel. 
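The point the FBI makes here, that SRG's tooling is legitimate software that antivirus will not flag, applies equally to the remote-control tooling described in the laptop farm post above: detection has to come from process telemetry, not signatures. The following Python example is added here and is not part of the FBI advisory, the original post, or any vendor's product. It scans Sysmon-style process-creation records for two signals: a watchlisted remote-access or transfer tool (AnyDesk, Splashtop, Zoho Assist, WinSCP, Rclone) being launched, and a binary whose on-disk name differs from the OriginalFileName carried in its PE version resource, which is what a renamed copy of Rclone looks like. Sysmon event ID 1 does record Image, OriginalFileName, CommandLine and User, but the pipe-delimited layout, the watchlist fragments and the sample events are constructed for the example.

```python
"""Flag remote-access and exfiltration tooling in process-creation telemetry.

Added example: the record layout, watchlist and sample events are constructed
for illustration; only the field names mirror Sysmon event ID 1.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass

# Illustrative watchlist (assumption): lowercase fragments matched against both
# the executable name and the PE OriginalFileName. A real deployment would
# derive this from vendor documentation and an inventory of approved tools.
WATCHLIST = {
    "anydesk": "AnyDesk remote access",
    "splashtop": "Splashtop remote access",
    "zoho": "Zoho Assist remote access",
    "winscp": "WinSCP file transfer",
    "rclone": "Rclone cloud sync",
}


@dataclass
class ProcEvent:
    utc_time: str
    user: str
    image: str               # full path of the launched executable
    original_file_name: str  # name from the PE version resource, as Sysmon logs it
    command_line: str


def parse_event(line: str) -> ProcEvent:
    """Parse one pipe-delimited key=value record (constructed format)."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return ProcEvent(
        utc_time=fields["UtcTime"],
        user=fields["User"],
        image=fields["Image"],
        original_file_name=fields.get("OriginalFileName", ""),
        command_line=fields.get("CommandLine", ""),
    )


def findings_for(ev: ProcEvent) -> list[str]:
    """Return human-readable findings for one event (empty list if nothing fired)."""
    findings = []
    image_name = ntpath.basename(ev.image).lower()
    orig_name = ev.original_file_name.lower()

    for fragment, label in WATCHLIST.items():
        if fragment in image_name or fragment in orig_name:
            findings.append(f"watchlisted tool: {label}")
            break

    # Renaming a binary on disk does not change the version resource that
    # Sysmon reports as OriginalFileName, so a mismatch is the disguise
    # signal. Some legitimate software mismatches too, so treat this as a
    # triage lead rather than a verdict.
    if orig_name and image_name != orig_name:
        findings.append(
            f"renamed binary: {ev.image} has OriginalFileName {ev.original_file_name}"
        )
    return findings


def scan(lines: list[str]) -> list[tuple[str, str, str, list[str]]]:
    """Return (time, user, image, findings) for every record that raises a finding."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        hits = findings_for(ev)
        if hits:
            alerts.append((ev.utc_time, ev.user, ev.image, hits))
    return alerts


# Constructed sample telemetry: one benign launch, a user-downloaded AnyDesk,
# a copy of Rclone renamed to look like a Windows service host, and WinSCP.
SAMPLE_EVENTS = [
    r"UtcTime=2025-03-12 02:01:44|User=CORP\jdoe|Image=C:\Windows\System32\notepad.exe"
    r"|OriginalFileName=NOTEPAD.EXE|CommandLine=notepad.exe",
    r"UtcTime=2025-03-12 02:14:07|User=CORP\jdoe|Image=C:\Users\jdoe\Downloads\AnyDesk.exe"
    r"|OriginalFileName=AnyDesk.exe|CommandLine=AnyDesk.exe",
    r"UtcTime=2025-03-12 02:31:52|User=CORP\jdoe|Image=C:\ProgramData\svchost.exe"
    r"|OriginalFileName=rclone.exe|CommandLine=svchost.exe copy C:\Cases remote:dump",
    r"UtcTime=2025-03-12 02:40:10|User=CORP\jdoe|Image=C:\Program Files (x86)\WinSCP\WinSCP.exe"
    r"|OriginalFileName=winscp.exe|CommandLine=WinSCP.exe",
]

if __name__ == "__main__":
    for when, user, image, hits in scan(SAMPLE_EVENTS):
        print(f"{when}  {user}  {image}")
        for hit in hits:
            print(f"    - {hit}")
```

The watchlist hit on its own is noisy in an environment that legitimately uses WinSCP, which is why the second rule matters: a process called svchost.exe whose version resource says rclone.exe is worth a call to the user regardless of any allow-list, and pairing it with the FBI's other indicator, an unexpected call from "IT", turns two weak signals into a strong one.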

In response, the FBI urges companies to bolster cybersecurity training, establish clear protocols for authenticating internal IT requests, and enforce two-factor authentication across all employee accounts. Victims of SRG attacks are encouraged to share any information that might assist in ongoing investigations, including ransom communications, caller details, and cryptocurrency wallet data.

Automatic e-ZERO FIR Filing Introduced for High-Value Cyber Crimes

 


Cybercrime incidents in India have risen sharply, and the government has responded by launching the e-Zero FIR facility, an initiative intended to strengthen the nation's cybersecurity framework and speed up the investigation of digital financial fraud. It forms part of a broader effort to improve cyber vigilance, make law enforcement more responsive, and protect citizens from cybercrime on an ever-growing scale.

Recent figures underline the urgency of the measure. According to official data, more than 7.4 lakh cybercrime complaints were filed on the National Cyber Crime Reporting Portal (NCRP) between January and April 2024 alone, with financial losses estimated at over ₹1,750 crore, reflecting the growing sophistication and frequency of digital fraud across the country.

The Indian Cyber Crime Coordination Centre (I4C) reported that in May 2024 authorities were receiving an average of 7,000 cybercrime complaints per day, a troubling and persistent pattern. A study by the International Center for Research on Cyberfrauds has estimated that, without preventive measures, future losses to cyber fraud could reach ₹1.2 lakh crore.

Against this backdrop, the e-Zero FIR system is a crucial tool. By automatically generating an FIR for high-value cybercrime cases involving financial fraud above ₹10 lakh, the initiative is expected to cut procedural delays drastically and ensure that legal proceedings begin as quickly as possible.

Besides empowering victims by simplifying reporting, the system gives law enforcement agencies a robust way to act quickly and decisively against cybercriminals. It treats cyber financial fraud as a major threat and is a transformational step in digitising Indian law enforcement.

The facility automatically converts cyber fraud complaints, whether submitted through the NCRP or the cybercrime helpline number 1930, into Zero FIRs without any human intervention. Initially limited to financial frauds of more than ₹10 lakh, it aims to eliminate procedural delays by starting investigations immediately, giving victims the best chance of recovering their money and obtaining justice.

The system is currently running as a pilot project in Delhi under the guidance of I4C as part of its cybercrime prevention and detection strategy; if successful, the government intends to extend it nationwide in phases. Through automation, the e-Zero FIR framework aims to shrink the time between the registration of a complaint and the start of legal proceedings, a gap where conventional FIR filing often fails, especially in high-stakes financial crime.

To understand e-Zero FIR it helps to know what a Zero FIR is. A Zero FIR can be filed at any police station regardless of jurisdiction, which guarantees that victims are not turned away on territorial grounds, particularly in urgent situations.

Once registered, the FIR is transferred to the police station that has jurisdiction, where the investigation is carried out. The e-Zero FIR is the digital evolution of this concept, tailored to cyber financial fraud: a victim can file a complaint from anywhere in the country, by phone or through the online portal, and the system generates the FIR automatically from that complaint.

This not only simplifies the complaint process but also strengthens the government's effort to build a technology-enabled, responsive justice system that keeps pace with the digital age. The initiative is a significant step in the government's ongoing modernisation of cybercrime response mechanisms and legal enforcement infrastructure.

Under the initiative, spearheaded by Union Home Minister Amit Shah, complaints of cyber financial fraud are automatically converted into formal First Information Reports (FIRs) when the amount involved exceeds ₹10 lakh. Complaints processed through the NCRP or the helpline number 1930 feed directly into this automated system, so that every complaint is recognised immediately and acted on by investigators.

The Delhi implementation rests on the integration of key national systems: I4C's NCRP, the Delhi Police's e-FIR system, and the National Crime Records Bureau's (NCRB) Crime and Criminal Tracking Network and Systems (CCTNS). Aligning these platforms enables streamlined registration, real-time data exchange, and rapid transfer of FIRs to the appropriate authorities for investigation.

This collaborative framework ensures that complaints are processed efficiently and that law enforcement can begin investigating as quickly as possible. The e-Zero FIR also complies with the recently enacted criminal legislation, in particular Section 173(1) and Section 173(1)(ii) of the Bharatiya Nagarik Suraksha Sanhita (BNSS), 2023, which require the legal system to respond quickly to serious crimes, including cyber fraud, and to protect citizens effectively.

In operationalising the initiative, the Delhi Police and I4C demonstrate a unified, technology-driven approach to cybercrime. Built for nationwide deployment, the e-Zero FIR system has the potential to play a transformative role in timely justice, financial recovery, and the deterrence of digital financial crime.

Developed in collaboration with I4C, the system simplifies the initial stages of an investigation by eliminating procedural delays and ensuring prompt action from the outset. By automating FIR registration for substantial financial offences, the government aims to curb the rising number of digital fraud cases that often go unreported or unresolved because of bureaucratic hurdles.

Immediate legal recognition of complaints through e-Zero FIR is a proactive measure that enables faster interagency coordination. Officials in charge say that once the pilot phase is complete and its effectiveness has been evaluated, the initiative will be rolled out across the country.

The move signals both a shift towards a more technologically advanced justice system and the government's commitment to protecting citizens from cybercrime, a growing threat in an increasingly digital economy. Complainants have a window of three days in which to physically visit the police station concerned so that the Zero FIR can be converted into a regular FIR.

This procedural requirement ensures that the legal process is not only initiated promptly through automation but also formally advanced with due diligence. It lets each case move efficiently into the conventional legal framework and receive proper judicial handling, balancing speed with procedural accountability.

Although currently a pilot in Delhi, the initiative was designed with scalability in mind. As part of its broader vision of a cyber-secure Bharat, the government has indicated plans to extend the mechanism to other states and Union Territories in subsequent phases. A phased rollout allows for systematic evaluation of the program, technological refinement, and capacity building at the state level before nationwide adoption.

During the pilot, the Delhi e-Crime Police Station is responsible for registering, routing, and coordinating all electronic FIRs generated through the NCRP. As a specialised unit equipped to handle the complexity of financial fraud, it serves as the central point of contact for processing complaints in the initial phase.

This model of policing, which integrates digital tools with conventional policing structures, sets a precedent for how law enforcement agencies across the country can modernise their approach to cybercrime, promising quicker redress, better victim support, and stronger deterrence.

The e-Zero FIR system addresses a major problem: cybercriminals could withdraw funds before a formal case was filed. The Delhi Police's online e-FIR system now automatically creates FIRs for cyber frauds above ₹10 lakh, at any time and from anywhere, and because complaints are registered directly into the e-FIR system, victims no longer need to visit a police station to report.

Within 24 hours the complaint must be accepted by an Investigating Officer and an FIR number issued, with inspectors overseeing the investigation. The new system lets law enforcement respond to cybercrime investigations faster, minimise delays, and initiate legal action against cybercriminals across jurisdictions. As India's digital ecosystem grows, robust, technology-driven law enforcement mechanisms become ever more central to the country's future.

The e-Zero FIR initiative is more than a technological change; it is a strategic move towards more proactive and accountable cybercrime governance. While the pilot lays the groundwork for collaboration between law enforcement agencies, continuous system improvement and comprehensive training will be needed to make the program succeed.

Going forward, stakeholders, from government agencies and financial institutions to cybersecurity experts and citizens, need to work together to improve vigilance, ensure system integrity, and foster a culture of prompt reporting. For victims, understanding and using this platform responsibly can make the difference between recovering their losses and losing them irreversibly.

Policymakers should use this opportunity to revamp India's framework for responding to cybercrime so that it is both efficient and future-oriented. e-Zero FIR can serve as a foundation for reform in India's battle against cyber financial fraud and its transition towards a fully digital justice system.

EU Sanctions Actors Involved in Russian Hybrid Warfare


EU takes action against Russian propaganda

The European Union (EU) announced sweeping new sanctions against 21 individuals and 6 entities involved in Russia’s destabilizing activities abroad, marking a significant escalation in the bloc’s response to hybrid warfare threats.


The Council's decision widens the scope of the regulations to cover tangible assets and grants new powers to block Russian media broadcasting licences, underlining the EU's commitment to countering Moscow's interference campaigns. Sanctions can now reach the tangible assets used in such activities: vessels, real estate, aircraft, and the physical components of digital networks and communications.

Financial organizations and firms giving crypto-asset services that allow Russian disruption operations also fall under the new framework. 

To address systematic Russian media control and manipulation, the EU is taking the authority to cancel the broadcasting licences of Kremlin-run Russian media houses and to block distribution of their content within EU countries.

Experts describe this Russian tactic as an international campaign of media manipulation and fake news aimed at disrupting neighboring nations and the EU. 

The ban is framed to align with the Charter of Fundamental Rights: the affected outlets may still carry out non-broadcasting activities, such as interviews and research, within the EU.

Propaganda and Tech Companies

The EU has also taken action against Stark Industries, a web hosting provider said to have enabled various Russian state-sponsored actors to conduct information manipulation, interference operations and cyberattacks against the Union and third countries. 

The sanctions also target Viktor Medvedchuk, a former Ukrainian politician and businessman who is said to control Ukrainian media outlets used to distribute pro-Russian propaganda. 

Hybrid Threats Framework

The sanctions build on a framework adopted in 2024 to address Russian interference actions that undermine the EU’s fundamental values, stability, independence and integrity. 

Designated entities and individuals face asset freezes, and designated individuals additionally face travel bans blocking entry into and transit through EU member states. This reflects the EU’s commitment to combating hybrid warfare through sustained, proportionate action.

Hackers Tricking Employees with Fake IT Calls and Email Floods in New Ransomware Scam

A growing number of cyberattacks are being carried out by a group linked to the 3AM ransomware. These attackers are using a combination of spam emails and fake phone calls pretending to be a company’s tech support team. Their goal is to fool employees into giving them access to internal systems.

This method, which has been seen in past cyber incidents involving other groups like Black Basta and FIN7, is becoming more widespread due to how effective it is. Cybersecurity company Sophos has confirmed at least 55 attacks using this approach between November 2024 and January 2025. These incidents appear to come from two different hacker groups following similar tactics.

In one case in early 2025, the attackers varied the approach slightly. Instead of posing as tech support over Microsoft Teams, they phoned an employee using a spoofed caller ID that displayed the company’s real IT department number. The call came while the employee’s inbox was being flooded with dozens of spam emails within a few minutes, a technique known as email bombing.

During the call, the attacker claimed the employee’s device had security problems and asked them to open Microsoft Quick Assist, a legitimate remote-assistance feature that lets another person view and control the screen. Trusting the caller, the employee followed the instructions and unknowingly handed the attacker an interactive session on the machine.

Once inside, the attacker downloaded a malicious archive disguised as a support tool. It contained a backdoor, the QEMU virtual machine emulator and an old Windows system image. Running the backdoor inside a virtual machine hid its activity from the security tools on the host, and the attacker used that VM as a base for moving through the network.

The attacker then used PowerShell and WMIC to enumerate the environment, created a new administrator account, installed a remote support tool called XEOXRemote and took control of a domain-level account. Although Sophos security software blocked the ransomware from spreading and stopped attempts to disable protections, the attacker still stole 868 GB of company data, exfiltrating it to cloud storage with GoodSync, a legitimate file-synchronization tool.

The full attack lasted around nine days. The majority of the data theft happened in the first three days before the attackers were cut off from further access.

To defend against such attacks, Sophos recommends auditing administrative accounts for weak credentials and excessive privileges, using security tools that can flag unusual use of trusted programs (Quick Assist, QEMU, file-sync clients), and enforcing strict execution policies for scripts. Most importantly, companies should train employees to recognize the signs of a fake support call and of a sudden flood of junk mail, because these scams depend on fooling people, not just machines.
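The chain described above (email bomb, Quick Assist session, QEMU dropped in a user-writable path, new local administrator) is easier to catch as a sequence than as isolated events. The following Python script is an added example, not Sophos’ code or anything from the incident report: it correlates those signals across mail-gateway and endpoint telemetry. The event format, field names, thresholds and sample events are constructed assumptions for illustration; map them onto your own gateway and EDR exports.

```python
"""Correlate the signals of a 3AM-style 'fake IT call' intrusion.

Stage 1: one mailbox receives a burst of inbound mail (email bomb).
Stage 2: that user launches Quick Assist shortly afterwards.
Stage 3: on the same host, by any account, post-access tradecraft appears:
         qemu-system*.exe run from a user-writable path, or a member added to
         the local Administrators group (Windows Security event 4732).
Event schema, thresholds and sample data are assumptions for this example.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

EMAIL_BOMB_THRESHOLD = 20                  # messages to one mailbox ...
EMAIL_BOMB_WINDOW = timedelta(minutes=10)  # ... within this window = bomb
FOLLOW_ON_WINDOW = timedelta(hours=2)      # how long after the bomb we look


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def email_bomb_victims(events):
    """Return {mailbox: burst_start} for mailboxes hit by an email bomb."""
    by_user = defaultdict(list)
    for e in events:
        if e["type"] == "mail_in":
            by_user[e["user"]].append(_ts(e))
    victims = {}
    for user, times in by_user.items():
        times.sort()
        # Sliding window: THRESHOLD messages whose first/last are <= WINDOW apart.
        for i in range(len(times) - EMAIL_BOMB_THRESHOLD + 1):
            if times[i + EMAIL_BOMB_THRESHOLD - 1] - times[i] <= EMAIL_BOMB_WINDOW:
                victims[user] = times[i]
                break
    return victims


def _is_quick_assist(e):
    # Works for both the legacy System32 binary and the Store app's QuickAssist.exe.
    return e.get("event") == "process_start" and e["image"].lower().endswith("\\quickassist.exe")


def _is_qemu_from_user_path(e):
    img = e.get("image", "").lower()
    return (e.get("event") == "process_start" and "qemu-system" in img
            and any(p in img for p in ("\\users\\", "\\programdata\\", "\\temp\\")))


def _is_local_admin_added(e):
    return e.get("event_id") == 4732 and e.get("group", "").lower() == "administrators"


ENDPOINT_SIGNALS = {
    "qemu_from_user_path": _is_qemu_from_user_path,
    "local_admin_added": _is_local_admin_added,
}


def correlate(events):
    """Return one alert per (bombed user, host where they ran Quick Assist)."""
    alerts = []
    endpoint = [e for e in events if e["type"] == "endpoint"]
    for user, t0 in email_bomb_victims(events).items():
        deadline = t0 + FOLLOW_ON_WINDOW
        qa = [e for e in endpoint
              if e["user"] == user and _is_quick_assist(e) and t0 <= _ts(e) <= deadline]
        if not qa:
            continue  # a bomb with no remote-assistance session: noisy, not this chain
        host = qa[0]["host"]
        signals = ["email_bomb", "quick_assist"]
        for name, pred in ENDPOINT_SIGNALS.items():
            # Any account on the host counts: the new admin may be created as SYSTEM.
            if any(e["host"] == host and pred(e) and t0 <= _ts(e) <= deadline for e in endpoint):
                signals.append(name)
        alerts.append({"user": user, "host": host, "burst_start": t0.isoformat(),
                       "signals": signals,
                       "severity": "critical" if len(signals) >= 3 else "high"})
    return alerts


def sample_events():
    """Constructed telemetry: one intrusion plus benign noise (not real logs)."""
    base = datetime(2025, 1, 15, 9, 0, 0)
    ev = [{"type": "mail_in", "user": "alice",
           "ts": (base + timedelta(seconds=10 * i)).isoformat()} for i in range(25)]
    ev += [{"type": "mail_in", "user": "bob",
            "ts": (base + timedelta(minutes=15 * i)).isoformat()} for i in range(3)]
    ev += [
        {"type": "endpoint", "event": "process_start", "host": "WS-042", "user": "alice",
         "image": r"C:\Windows\System32\quickassist.exe", "ts": (base + timedelta(minutes=7)).isoformat()},
        {"type": "endpoint", "event": "process_start", "host": "WS-042", "user": "alice",
         "image": r"C:\Users\alice\AppData\Local\Temp\support\qemu-system-x86_64.exe",
         "ts": (base + timedelta(minutes=20)).isoformat()},
        {"type": "endpoint", "event_id": 4732, "host": "WS-042", "user": "alice",
         "group": "Administrators", "member": "svc_support", "ts": (base + timedelta(minutes=45)).isoformat()},
        # bob uses Quick Assist legitimately with no preceding bomb: no alert.
        {"type": "endpoint", "event": "process_start", "host": "WS-017", "user": "bob",
         "image": r"C:\Windows\System32\quickassist.exe", "ts": (base + timedelta(minutes=30)).isoformat()},
    ]
    return ev


if __name__ == "__main__":
    print(json.dumps(correlate(sample_events()), indent=2))
```

Run it as-is to see the single critical alert for alice on WS-042; bob’s legitimate Quick Assist session produces nothing because no email bomb precedes it. The follow-on stage deliberately ignores which account performed the action, since once the attacker is interactive they may create the admin account as SYSTEM or from the VM rather than as the victim.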

The 3AM ransomware group is relatively new, first spotted in late 2023, but appears to have links with well-known cybercrime networks like Conti and Royal.


Ransomware Attack Disrupts Kettering Health Network, Elective Procedures Canceled Across 14 Ohio Facilities


A ransomware incident has caused a significant “system-wide technology outage” at a network of over a dozen medical centers in Ohio, resulting in the cancellation of both inpatient and outpatient elective procedures. This information comes from a statement released by the health system and a ransom note obtained by CNN.

Kettering Health, which serves a substantial portion of Ohio and employs more than 1,800 physicians, confirmed in a statement that the cyberattack began Tuesday morning and has created “a number of challenges” across its 14 facilities. The disruption has also affected the network’s call center. Despite this, emergency rooms and outpatient clinics remain operational and continue to treat patients.

“Inpatient and outpatient procedures have been canceled for today,” the network said in its statement. “Scheduled procedures at Kettering Health medical centers will be rescheduled.” It added that contingency protocols are in place “for these types of situations” to maintain safe and high-quality patient care.

Internally, Kettering Health's IT teams and executives are working to limit the damage from the ransomware attack. According to the ransom note reviewed by CNN, hackers deployed ransomware on the network’s computer systems.

“Your network was compromised, and we have secured your most vital files,” the note reads. It warns that the attackers may release allegedly stolen data online unless negotiations for a ransom payment begin.

The note includes a link to an extortion platform tied to the ransomware group known as Interlock, which surfaced in late 2024. Since then, the group has reportedly targeted various sectors including technology, manufacturing, and government organizations, according to Cisco’s cyber-intelligence division, Talos.

A spokesperson for Kettering Health did not offer additional details beyond the network’s official statement.

Typically, major cyber incidents affecting U.S. healthcare providers involve responses from the FBI, the Department of Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency (CISA). CNN has reached out to all three agencies for comment.

Cybercriminals have long targeted the U.S. healthcare sector, viewing hospitals as particularly vulnerable and likely to pay ransoms to prevent disruptions in patient care. Last year, healthcare organizations reported more than 440 ransomware incidents and data breaches to the FBI—more than any other critical infrastructure sector.

In the past 18 months, a string of high-profile cyberattacks on major health providers has directly affected patient care nationwide, prompting growing concern among lawmakers and federal authorities about the resilience of U.S. healthcare cybersecurity systems.

One such attack last year on Ascension, a nonprofit health system based in St. Louis with operations across 19 states, left nurses at some hospitals working without access to electronic health records, compromising patient safety, according to what two nurses told CNN. Similarly, a February 2024 ransomware attack on a UnitedHealth Group subsidiary disrupted pharmacy services across the country and exposed sensitive data belonging to a large number of Americans.