September 2024: Major Cyber Attacks, Data Breaches, Ransomware Attacks

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

September 04, 2024

Microchip Technology

Microchip Technology confirms personal information stolen in ransomware attack

Play Ransomware

US-based semiconductor supplier Microchip Technology has confirmed that personal information and other types of data was stolen from its systems during a recent ransomware attack. The company disclosed the incident on August 20, when it informed the US SEC that certain servers and business operations had been disrupted, but the company isolated the impacted systems to contain the attack.

Microchip Technology ransomware attack

September 04, 2024

Planned Parenthood

Ransomware gang claims cyber attack on Planned Parenthood

RansomHub Ransomware

RansomHub ransomware group listed Planned Parenthood on its Tor-based leak site, threatening to leak 93 Gb of data supposedly exfiltrated from the nonprofit organisation.

Source: Security Week

September 06, 2024

Charles Darwin School

Charles Darwin School Bromley closes due to cyber attack

Unknown

Charles Darwin School, based in Jail Lane, had been experiencing IT issues but has now found the problem to be “worse than hoped” - a cyber attack. In a letter on its website, headteacher of the school Aston Smith has outlined that it is not yet known what data has been accessed.

Source: News Shopper UK

September 10, 2024

Japanese media giant Kadokawa

Japanese media giant investigating another reported data leak by BlackSuit hackers

BlackSuit Ransomware

A major Japanese media company known for producing manga, anime and video games was investigating a cyber attack on its systems following reports that a ransomware group leaked a new batch of its information on the dark web. Kadokawa was hit by a ransomware attack in June. Several researchers observed that the ransomware gang BlackSuit uploaded new data allegedly stolen from Kadokawa to its darknet site.

Source: The Record

September 12, 2024

Kawasaki’s European arm

Kawasaki’s European arm restores operations after cyber attack claimed by Ransomhub

RansomHub Group

Japanese motor vehicle giant Kawasaki said its European offices are in the process of recovering from a cyber attack that has caused a range of issues as the company posted a statement confirming it was “the subject of a cyber attack” which was not successful but “resulted in the company’s servers being temporarily isolated until a strategic recovery plan was initiated later on the same day.” In its dark web post, the RansomHub operation said it stole 487 gigabytes of data from Kawasaki Motors Europe.

Source: The Record

September 12, 2024

23andMe

23andMe to pay $30 million in genetics data breach settlement

Hacker known as Golem

DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023. Starting in October, threat actors leaked data profiles belonging to 4.1 million individuals in the United Kingdom and 1 million Ashkenazi Jews on the unofficial 23andMe subreddit and hacking forums like BreachForums. 23andMe said in December that data for 6.9 million customers, including information on 6.4 million U.S. residents, was downloaded in the breach.

Source: Bleeping Computer

September 12, 2024

Lehigh Valley Health Network

Hospital system to pay $65 million for dark web data leak, including images of nude cancer patients

BlackCat Ransomware

Lehigh Valley Health Network has agreed to a $65 million settlement in a class action suit tied to a massive data leak, including the publication of images of 600 nude cancer patients. The lawsuit, filed in March 2023, followed the discovery that LVHN data security allowed a hacker to break into its systems and obtain personal data on at least 134,000 people, including cancer patients. The proposed settlement was announced by plaintiffs' lawyer Patrick Howard as he said the nude images and other data were posted to the dark web by BlackCat after LVHN declined to pay the ransom.

Source: The Record

September 14, 2024

Port of Seattle

Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack

Rhysida Ransomware

The Port of Seattle confirmed that the Rhysida ransomware group was behind the cyber attack in August. The Port confirmed that an unauthorised actor accessed and encrypted parts of their computer systems, disrupting key services like baggage handling, check-in kiosks, ticketing, Wi-Fi, and parking. The company also said that it has refused to pay the ransom, for this reason the ransomware group may publish stolen data.

Source: Security Affairs

September 16, 2024

NHS London

Data on nearly 1 million NHS patients leaked online following ransomware attack on London hospitals

Qilin Ransomware

CaseMatrix, a company that works with legal firms to support claimants in data breach lawsuits said more than 900,000 individuals have been caught up in the extortion attempt as people with symptoms of sensitive medical conditions, including cancer and sexually transmitted infections, were among almost a million individuals who had their personal information published online following a ransomware attack.

Source: The Record

September 16, 2024

Stillwater Mining Company

Owner of only US platinum mine confirms data breach after ransomware claims

RansomHub

Ransomware

Stillwater Mining Company confirmed that it experienced a cyber attack this summer that exposed the sensitive information of thousands of employees. It told regulators that hackers breached company systems in the middle of June but the incident was only discovered on July 8. It took more than a month for investigators to realise that the personal information of 7,258 employees was stolen.

Source: The Record

September 17, 2024

AT&T

AT&T to pay $13 million FCC settlement for 2023 data breach

ShinyHunters

AT&T has agreed to pay $13 million to resolve a Federal Communications Commission (FCC) investigation into whether the telecom giant was adequately protecting customer data.

Source: The Record

September 20, 2024

Blackpool Trust Schools

Schools threatened by hackers in cyber attack

Unknown

Schools across Lancashire have been hit by a cyber attack with the majority of computer systems affected. Dean Logan, CEO of Fylde Coast Academy Trust, confirmed the Blackpool trust had been subjected to ransomware, which infected the organisation's IT infrastructure and resulted in limited accessibility to systems.

Source: The BBC

September 22, 2024

Kansas’  Franklin county

Ransomware attack on Kansas county exposed sensitive information of nearly 30,000 residents

Unknown

A county in Kansas warned regulators that a ransomware attack earlier this year leaked personal data found in county records. Franklin County, which is about an hour outside of Kansas City, warned 29,690 residents that hackers breached the County Clerk’s Office on May 19 and took data from the network.

Source: The Record

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

September 02, 2024

Management consulting firm, CBIZ

CBIZ Benefits & Insurance Services discloses data breach affecting client information

Unknown

Benefits & Insurance Services (CBIZ) reported a significant data breach involving the unauthorised access of sensitive client information stored in its databases. The breach that occurred between June 2 and June 21, 2024, was caused by a vulnerability in one of CBIZ’s web pages, exploited by a threat actor to steal the data of nearly 36,000 individuals.

Source: teiss.co.uk

September 09, 2024

Florida-based Slim CD

Massive credit card breach hits 1.7 million people after hackers access payment processing service 

Unknown

Almost 1.7 million consumers in the US and Canada may have had their data exposed in a massive credit card database breach. Florida-based Slim CD, a payment processor, sent emails to customers that their information may have been accessed anytime from August 2023 to June 2024.

Data breach attack on a payment processing service Slim CD

September 09, 2024

Fortinet

Fortinet says hackers accessed ‘limited’ number of customer files on third-party drive

Unknown

Fortinet said that someone gained unauthorised access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive. The file drive “included limited data related to a small number of Fortinet customers”.

Fortinet data breach

September 09, 2024

Avis Car Rental

Avis Car Rental suffers a data breach impacting nearly 300,000 customers

Unknown

Car rental company Avis has suffered a data breach impacting nearly 300,000 customers after an unauthorised third party accessed a business application. Avis said the attacker breached the company’s business application between August 3 and August 6, 2024, and was detected on August 5, 2024.

Source: CPO Magazine

September 11, 2024

Boulanger, Cultura, Truffaut

Popular French retailers confirm hackers stole customer data

A threat actor using the nickname "horrormar44" on BreachForums

Several well-known French retail brands reported having data stolen by a cyber attack as hackers targeted Boulanger, which specialises in electronics and home appliances, and the retailer Cultura, gardening supplier Truffaut. Several French media outlets reported the list of victims could be even longer.

Source: The Record

September 17, 2024

E-commerce platform, Temu

Temu denies breach after hacker claims theft of 87 million data records

A threat actor using the moniker 'smokinthashit'

Temu denied it was hacked or suffered a data breach after a threat actor claimed to be selling a stolen database containing 87 million records of customer information. The threat actor put the alleged data up for sale on the BreachForums hacking forum, along with a small sample to serve as proof of the stolen data.

Temu data breach

September 20, 2024

Dell

Dell investigates data breach claims after hacker leaks employee information

BreachForums hacker "grep"

Dell has confirmed that they were investigating recent claims that it suffered a data breach after a threat actor leaked data for over 10,000 employees. The allegations were published by a threat actor named "grep," who alleges that the computing vendor suffered a "minor data breach" in September 2024, exposing internal employee and partner information.

Source: BleepingComputer

Date

Victim

Summary

Threat Actor

Business Impact

Source Link 

September 02, 2024

German air traffic control

Cyber attack paralyses office communications at German air traffic control

APT28-(Fancy Bear) 

Deutsche Flugsicherung (DFS), the state-owned agency responsible for air traffic control in Germany confirmed that it was the target of a cyber attack that has disrupted its office communications.

Cyber attack on German air traffic control, DFS

September 02, 2024

Transport for London (TfL)

TfL faces sophisticated cyber security incident

Unknown

Transport for London's (TfL) computer systems were hit with an ongoing cyber attack as the transport company said there was no evidence customer data had been compromised and there was no impact on TfL services. Insiders have told BBC London they have been asked to work at home if possible, and that it is the transport provider's backroom systems at the corporate headquarters that are mainly affected.

Transport for London (TfL) cyber attack

September 02, 2024

Canvey Infant School

Canvey Infant School in Essex deals with a significant cyber incident

Unknown

Canvey Infant School, an Essex-based primary school, experienced a significant cyber attack that disrupted access to IT systems and forced school authorities to delay school reopening.

Source: teiss.co.uk

September 04, 2024

Latvian government and critical infrastructure websites

Hackers linked to Russia and Belarus increasingly target Latvian websites, officials say

Russia-linked hacktivist groups such as NoName057(16) and Anonymous Guys

Politically motivated hackers linked to Russia and Belarus are targeting Latvian government and critical infrastructure websites in a new wave of cyber attacks, according to Latvian cybersecurity officials. The goal of the attacks was to disrupt access to websites rather than to steal sensitive data, said Baiba Kaskina, head of the Latvian сomputer emergency response team (CERT).

Cyber attack on Latvian government and critical infrastructure websites

September 04, 2024

Tewkesbury Borough Council in Gloucestershire, England

Services disrupted as local council near GCHQ’s headquarters hit by cyberattack

Unknown

Tewkesbury Borough Council in Gloucestershire, England, warned residents that it had discovered it was being targeted by a cyber attack, and assumed that the perpetrators had been able to penetrate its systems. “We are having to assume that our systems have been compromised, and we are taking the necessary cyber response steps, including shutting down our systems,” said a banner statement on the council’s website.

Source: The Record

September 04, 2024

Penpie DeFi

Penpie DeFi platform files reports with FBI, Singapore police after $27 million crypto theft

Unknown

Hackers stole about $27 million worth of cryptocurrency from the Penpie decentralised finance (DeFi) protocol. Penpie confirmed in a statement that $27,348,259 worth of ethereum was taken, and they have shut down withdrawals as well as deposits.

Source: The Record

September 09, 2024

Highline Public Schools

Highline Public Schools closed in WA after possible cyber threat

Unknown

The attack hit the technology systems of the schools and forced the educational bodies to remain closed.

Source: Fox 13 Seattle

September 09, 2024

Highline Public Schools in Washington

Washington state school district closed for second day after cyber attack

Unknown

A Seattle-area school system serving more than 17,000 students remained closed on September 10 for a second day to start the school year after a cyber attack caused network outages. Highline Public Schools in Washington, released a new notice on September 9 confirming that that facilities would remain closed after all activities, sports and meetings were cancelled. “Our investigation into unauthorised activity on our technology systems is ongoing, and critical systems are still offline,” the school said. “We understand cancelling school is a significant disruption for our families and staff, but student safety remains our top priority.”

Source: The Record

September 12, 2024

Jakarta-based crypto exchange Indodax

Largest crypto exchange in Indonesia pledges to reimburse users after $22 million theft

Unknown

A major cryptocurrency exchange in Southeast Asia has paused operations after $22 million in coins was stolen. Jakarta-based Indodax, which says it has more than 6 million users, told customers that it discovered a security issue on its platform and has shut down its service while it “completes maintenance to ensure the entire system is operating properly.”

Source: The Record

September 13, 2024

Tennessee school district, Johnson County Board of Education

Tennessee school district loses $3.4 million to a fake curriculum vendor

Unknown

A school district in the northeast corner of Tennessee lost more than $3 million earlier this year after an employee was tricked into sending funds intended for online curriculum materials to a fraudster.

Source: The Record

September 16, 2024

Germany’s Radio Geretsried

German radio station forced to broadcast 'emergency tape' following cyber attack

Unknown

Radio Geretsried, a local station in Germany, has blamed “unknown attackers from Russia” after an apparent ransomware incident left it broadcasting music from emergency backups. According to a statement on Radio Geretsried’s website, the cyber attack took place on the night of September 15, with the hackers encrypting “all music files and are demanding a large ransom from the station.”

Source: The Record

September 17, 2024

Russian organisation Osnovanie

Pro-Ukraine hackers claim attack on agency that certifies digital signatures in Russia

Osnovanie ("Foundation" in Russian)

The Russian federal organisation that certifies digital signatures used by local businesses and individuals is still recovering from a cyber attack that disrupted its services as Osnovanie said it had suspended its operation while the investigation into the attack is ongoing. It had promised to resume its work on September 12 after “changing security policies, access rights, and account settings.” The hackers claimed to compromise the infrastructure of the agency, known as Osnovanie ("Foundation" in Russian), and defaced its websites.

Source: The Record

September 17, 2024

Russian anti-virus company Dr.Web

Russian cyber firm Dr.Web says services are restored after ‘targeted cyber attack’

Unknown

Popular Russian antivirus developer Dr.Web said it has resumed operations after suffering a security breach over the weekend. In a statement, the company said that the cyber attack was successfully “repelled” and “none of the Dr.Web users were affected.”

Source: The Record

September 21, 2024

Asian crypto platform BingX

Hackers stole over $44 million from Asian crypto platform BingX

Unknown

Singaporean crypto platform BingX reported a cyber attack as threat actors stole over $44 million worth of cryptocurrency. The crypto platform discovered unauthorised transfers of funds on Thursday night, shortly before BingX announced a shutdown for “wallet maintenance” on social media.

Source: Security Affairs 

September 24, 2024

MoneyGram

MoneyGram says cyber incident causing network outages

Unknown

Digital payment giant MoneyGram said a recent cybersecurity incident has caused network outages and other issues for those trying to send money. The company released messages on social media  acknowledging that it is dealing with network outages after users complained about being unable to use the service.

Source: The Record

New Ransomware

Summary

A new ransomware-as-a-service (RaaS) operation impersonates the legitimate Cicada 3301

A new ransomware-as-a-service (RaaS) operation is impersonating the legitimate Cicada 3301 organisation and has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide.

WhisperGate malware

Federal agencies continued to confront Russian cyber-operations, unsealing an indictment against members of a Russian military intelligence unit involved with the destructive WhisperGate malware and other hacking campaigns.

New PIXHELL acoustic attack

A novel acoustic attack named ‘PIXHELL’ can leak secrets from air-gapped and audio-gapped systems, and without requiring speakers, through the LCD monitors they connect to.

Ajina Banker malware

A new Android malware is being used to steal information from bank customers in Central Asia, researchers have found. 

CosmicBeetle’s new malware, ScRansom

A group that researchers are calling CosmicBeetle has developed new ransomware and deployed it against small and medium-sized businesses, mostly in Europe and Asia, according to a new report.

Android malware 'Necro'

A new version of the Necro malware loader for Android was installed on 11 million devices through Google Play in malicious SDK supply chain attacks.

Date

New Malware, Flaws & Fixes

Summary

September 03, 2024

CVE-2024-7261

Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection.

September 09, 2024

CVE-2024-40766

Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims' networks.

September 10, 2024

CVE-2024-38217

​Microsoft has fixed a Windows Smart App Control and SmartScreen flaw that has been exploited in attacks as a zero-day since at least 2018.

September 16, 2024

CVE-2024-29847

A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices.

September 16, 2024

CVE-2024-43461

​CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group. 

September 17, 2024

CVE-2024-38812

Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a network packet. 

September 19, 2024

CVE-2024-27348

The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalogue, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server. 

September 19, 2024

CVE-2024-8963

Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers. 

News Type

Summary

Source Link

Report

​The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023.

Source: Bleeping Computer

Warning

​The FBI warned of North Korean hacking groups aggressively targeting cryptocurrency companies and their employees in sophisticated social engineering attacks to deploy malware designed to steal their crypto assets.

Source: Bleeping Computer

Report

The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5m ($33.7m) on Clearview AI over illegal data collection for facial recognition.

Clearview AI Fined €30.5m by Dutch Watchdog Over Illegal Data Collection

Report

Nykaa Fashion, a leading Indian beauty and fashion retailer platform and a subsidiary of Nykaa, has taken legal action against its former Chief Business Officer (CBO), Gopal Asthana, accusing him of breaching confidentiality agreements, misappropriating proprietary data, and attempting to harm the company by poaching employees.

Nykaa Fashion initiates legal proceedings against former CBO over alleged data theft

Report

A privacy flaw in WhatsApp is being exploited by attackers to bypass the app's "View once" feature and view messages again. According to WhatsApp, a fix is coming to WhatsApp Web, but it is unclear if the privacy flaw could still be exploited using custom WhatsApp apps.

Source: Bleeping Computer

Report

The National Crime Agency (NCA), once heralded as British law enforcement’s elite answer to the questions posed by serious and organised crime, including cybercrime, is “on its knees” according to a new report.

Source: The Record

Report

Wix.com has announced it will stop providing services to Russian users on September 12, 2024, with all accounts from Russia, including free and premium, to be blocked and their websites taken down.

Source: Bleeping Computer

Report

The RansomHub ransomware gang has been using TDSSKiller, a legitimate tool from Kaspersky, to disable endpoint detection and response (EDR) services on target systems.

Source: Bleeping Computer

Report

A high-stakes cat and mouse game between defenders and a sophisticated trio of Chinese cyberespionage groups has continued this year, with the hackers launching a string of attacks on government organisations in Southeast Asia despite attempts to disrupt their activity.

Source: The Record

Analysis

A suspected Iranian state-sponsored threat actor, APT34, also tracked as OilRig has targeted Iraqi government organisations and other entities in the country as part of a new espionage campaign, researchers have found.

Source: The Record

Warning

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting the public of false claims that the U.S. voter registration data has been compromised in cyberattacks.

Source: Bleeping Computer

Warning

Binance is warning customers that malware is being used to manipulate withdrawal addresses in order to steal cryptocurrency, in a campaign that has led to “significant financial losses for victims.”

Source: The Record

Report

The Justice Department indicted a Chinese national for attempting to hack several aviation agencies across the U.S. government in order to steal software and code created by the National Aeronautics and Space Administration (NASA) and others.

Source: The Record

Report

A rolling Cloudflare outage is impacting access to web sites worldwide, including BleepingComputer, with sites working in some regions and not others. While Cloudflare said they were currently conducting scheduled maintenance in Singapore and Nashville, its status page does not indicate any problems.

Source: Bleeping Computer

Report

A prolific cybercrime group known as Marko Polo has compromised “tens of thousands of devices” worldwide through cryptocurrency and gaming-related scams, researchers said.

Source: The Record

Report

Unidentified hackers have targeted companies in the construction industry through accounting software known as Foundation, researchers said. The attackers go looking for installations of Foundation that are publicly accessible on the internet, then try combinations of default usernames and passwords that can allow for administrative access.

Source: The Record

Report

Microsoft has identified a financially driven hacking group that is deploying INC ransomware to attack the U.S. healthcare sector. The hacking group has targeted the healthcare, IT, and manufacturing sectors, using ransomware variants such as BlackCat, Rhysida, Quantum Locker and Zeppelin.

Microsoft warns of ransomware group targeting healthcare

Report

Russia has fully pivoted its disinformation efforts to focus on Vice President Kamala Harris, releasing several fake, widely-seen videos designed to harm her campaign. Microsoft published a new report warning that two Russian groups have used X (formerly Twitter), Telegram and several fake news websites to disseminate controversial and fictitious videos about Harris.

Source: The Record

Report

The Walt Disney Company will no longer use Slack for in-house company communication months after a hack that involved more than a terabyte of company data being leaked to the public.

Disney to ditch Slack following July data breach

Report

A Federal Trade Commission (FTC) staff report has found that social media and video streaming companies have been engaging in widespread user surveillance, particularly of children and teens, with insufficient privacy protections and earning billions of dollars annually by monetizing their data.

Source: Bleeping Computer

Report

LinkedIn recently began harnessing its users’ content and data to train artificial intelligence models, opting all platform participants into the program without formal notice - except for users in the United Kingdom and Europe.

Source: The Record

Report

A cyber operation within Iran’s Ministry of Intelligence and Security (MOIS) has evolved into a highly sophisticated access broker for Iranian hackers, enabling persistent intrusions into telecommunications and government systems across the Middle East.

Iranian Backdoors Spread Across Middle East Telecoms and Government Agencies, Google Reports

Report

The U.S. DoJ arrested two people, Malone Lam (20) and Jeandiel Serrano (21) in Miami and charged them with stealing more than $230 million worth of cryptocurrency as the duo attempted to launder the stolen cryptocurrency through crypto exchanges and mixing services.

US DoJ charged two men with stealing and laundering $230 Million worth of cryptocurrency

Report

Ukraine has banned the use of the Telegram messaging platform on official devices issued to government and military personnel, as well as defence sector and critical infrastructure employees.

Ukraine bans Telegram use on state-issued devices

Report

German law enforcement has shut down 47 cryptocurrency exchange services that ransomware gangs and other cybercriminals used for money laundering.

Source: The Record

Report

Missouri-based aviation executive Farhad Azima said that he had settled with the law firm Dechert and two of its former senior attorneys over allegations they took part in a scheme to hack his emails and use them in court to destroy his business.

Source: Reuters

Report

The Chaser, a news website run by Hong Kong journalists in Britain, says Google informed the diaspora media outlet that its company email was being targeted by "government-backed attacks."

Hong Kong diaspora media in Britain reports 'government-backed attacks'

Report

Russian cybersecurity company Kaspersky deleted its anti-malware software from customers' computers across the United States and automatically replaced it with UltraAV's antivirus solution. This came after Kaspersky decided to shut down its U.S. operations and lay off U.S.-based employees.

Source: Bleeping Computer

Report

The U.S. Commerce Department proposed prohibiting key Chinese software and hardware in connected vehicles on American roads due to national security concerns, a move that would effectively bar Chinese cars and trucks from the U.S. market.

Source: Reuters

Report

The popular messaging service Telegram has updated its terms of service to discourage “bad actors” from “jeopardising the integrity” of the platform, according to its founder Pavel Durov.

Source: The Record

Report

Google said it has been contacted by several major U.S. companies recently who discovered that they unknowingly hired North Koreans using fake identities for remote IT roles.

Source: The Record

Report

Sweden’s domestic intelligence agency announced that hackers acting on behalf of the Iranian government were behind a cyberattack last year aimed at provoking divisions in the country following a stunt by a far-right political figure.

Source: The Record

Report

The cybercriminal group known as DragonForce has been attacking the manufacturing, real estate and transportation industries worldwide using modified versions of two notorious ransomware variants, researchers said.

Source: The Record