
Play Ransomware Leaked 65,000 Government Documents and More in This Week's Cyber News

As cyber threats continue to escalate, keeping up to date with the latest news and advancements is crucial to staying safe online. Cybersecurity remains a paramount issue for organisations, governments, and individuals alike. This blog post covers the week's most notable cybersecurity news stories, highlighting significant events and noteworthy security incidents.

Feds to offer new support to open-source developers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) will start providing more hands-on support to open-source software developers as they work to better secure their projects. This week, CISA hosted a two-day, invite-only summit with leaders in the open-source software community and other federal officials.

During the private event, the agency also ran what's likely the first tabletop exercise to assess how well the government and the open-source community would respond to a cyberattack targeting an open-source project. At the summit, CISA and a handful of package repositories (online forums where developers upload and share the applications they've built using open-source languages) unveiled new initiatives to help secure open-source projects.

Hacked WordPress sites abusing visitors' browsers for distributed brute-force attacks

Threat actors are executing distributed brute-force attacks against WordPress sites through malicious JavaScript injections, exploiting innocent site visitors' browsers. Unlike previous attacks that aimed to inject crypto drainers like Angel Drainer or redirect users to Web3 phishing sites, this wave focuses on using common and leaked passwords to brute-force other WordPress sites. The attack, observed on over 700 sites so far, unfolds in five stages, allowing threat actors to gain unauthorised access to target sites. While the motive behind the switch from crypto drainers to brute-force attacks remains unclear, profit incentives are suspected, considering the potential monetisation of compromised WordPress sites.

Play ransomware leaked 65,000 government documents

The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files. Xplain is a Swiss technology and software solutions provider for various government departments, administrative units, and even the country's military force. The Play ransomware gang breached the company on May 23, 2023.

At the time, the threat actor claimed to have stolen documents containing confidential information, and in early June 2023, it followed through on its threats and published the stolen data on its darknet portal. The Swiss government started investigating the leaked files and immediately admitted that the leaked data might contain documents belonging to the Federal Administration of Switzerland.

Possible China link to Change Healthcare ransomware attack

A criminal claiming to be an affiliate of ALPHV/BlackCat, the gang responsible for the widely disruptive Change Healthcare ransomware infection last month, may have ties to Chinese government-backed cybercrime syndicates.

Menlo Security this week linked Beijing to the cyberattack, which essentially left pharmacies across America unable to look up and process people's health insurance, forcing patients to pay out of pocket for life-saving medication or go without these essential prescriptions.

The criminals were able to bag a $22 million payment in Bitcoin, reportedly a ransom paid by Change's parent, US healthcare giant UnitedHealth.

A miscreant who goes by "Notchy" claims to be the ALPHV affiliate behind that February 21 intrusion that disrupted thousands of American pharmacies and hospitals.

Staying well-versed in the latest industry advancements is paramount in combating cybercrime. Keeping abreast of pertinent news enables leaders to make informed decisions, pre-emptively adopt security measures, and adequately fortify their organisations against cyberattacks. Maintaining a vigilant approach, embracing optimal practices, and harnessing state-of-the-art technologies are all pivotal elements in shaping a secure digital landscape for the future.