Microsoft Seizes Domains From Chinese Group 'NICKEL' Used to Attack Governments

NICKEL is a China-based threat actor that targets governments, diplomatic entities, and NGOs around the world. Microsoft’s Digital Crimes Unit has disrupted their operation.

MSTIC has observed NICKEL actors using exploits against unpatched systems to compromise remote access services and appliances. Upon successful intrusion, they have used credential dumpers or stealers to obtain legitimate credentials, which they used to gain access to victim accounts. NICKEL actors created and deployed custom malware that allowed them to maintain persistence on victim networks over extended periods of time.

Cuba Ransomware Gang Made $43.9 Million in Ransom Payments

The FBI also said it traced attacks with Cuba ransomware to systems infected with Hancitor. This is a malware operation to access Windows machines.

It is also worth mentioning that Cuba is also one of the ransomware groups that gather and steal sensitive files from compromised companies before encrypting their files. If companies don’t pay, the Cuba group will threaten to dump sensitive files on a website they have been operating on the dark web since January this year.

Planned Parenthood Hack Leaked Data for 400,000 Patients

In October, a Planned Parenthood facility in Los Angeles suffered a data breach. It affected about 400,000 patients.

Letters from PPLA to affected patients warned that “we identified files that contained your name and one or more of the following: address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescription information.”

US Issues Joint Advisory Warning Companies of Iranian Ransomware

In a joint advisory issued on Wednesday, the U.S. is warning that Iranian state-backed hackers are targeting infrastructure companies with ransomware.

The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organizations. FBI, CISA, ACSC, and NCSC assess the actors are focused on exploiting known vulnerabilities rather than targeting specific sectors.

FBI Says Data Was Not Compromised After Hackers Took Over Email Server

Hackers took over an FBI server over the weekend, sending thousands of fake cyberattack warnings. The agency says no personal information or data was affected.

The agency said it has fixed the software vulnerability that allowed the attack.

The fake emails originated from an FBI-operated server, which was dedicated to pushing notifications to the Law Enforcement Enterprise Portal (LEEP), which the FBI uses to communicate with state and local agencies. The compromised server was not part of the FBI’s corporate email service, the FBI added.

'REvil' Ransomware Group Taken Down Through Multi-Country Effort

The FBI, working with Cyber Command, the Secret Service, and other countries, took down REvil.

According to three people familiar with the matter, law enforcement and intelligence cyber specialists were able to hack REvil’s computer network infrastructure, obtaining control of at least some of their servers. After websites that the hacker group used to conduct business went offline in July, the main spokesman for the group, who calls himself “Unknown,” vanished from the internet.