Cybersecurity Alert: Frotcom International Faces Alleged Data Breach
Alleged Frotcom Data Breach Surfaces on Dark Web
DuckyMummy's post on the forum detailed the extent of the Frotcom data breach, indicating access to internal systems across more than 40 countries and over 5,000 companies. The compromised data encompassed a wealth of information crucial to Frotcom's operations, from GPS tracking data to customer billing information.

[Image: Source: Dark Web]

As proof of their claims, the threat actor shared sample records showcasing live GPS vehicle information sorted by country and offered the compromised database for sale at a staggering price of USD 5,000.

“These days I have breached the company security, and I have dumped all information and got access to all internal systems of the company, more than 40 countries, more than 5,000 COMPANIES !”, stated the hacker.

The Cyber Express has reached out to Frotcom for official confirmation and further details regarding the breach. However, as of the time of writing, no official statement or response has been received, leaving the claims surrounding the Frotcom data leak unverified.
Cyberattacks on Freight Companies
The Frotcom data leak is not an isolated event and is a reminder of the growing threats faced by the transportation sector in an increasingly digitized world. With transportation systems becoming more reliant on interconnected digital technologies, they have become lucrative targets for cyber threat actors seeking to disrupt operations, extort sensitive data, or inflict financial harm.

The ramifications of cyberattacks on transportation infrastructure are profound, ranging from supply chain disruptions to the compromise of sensitive passenger data. Recent incidents such as the ransomware attack on Japan's Port of Nagoya, which halted operations for two days, highlight the real-world impact of such breaches on global trade and commerce.

Moreover, the changing nature of cyber threats poses a significant challenge to the transportation sector. Attack vectors are becoming increasingly diversified, with intrusions often originating from third-party supply chain partners or software vendors. Additionally, the rise of politically motivated threat actors further complicates the domain, as evidenced by the DDoS attacks on US airports claimed by Russian-speaking hackers.

Looking back at historical events, cyber incidents targeting transportation infrastructure have resulted in widespread disruption and societal harm. From DDoS attacks on Czech railways and airports to ransomware incidents affecting Italian State Railways, these incidents highlight the vulnerability of transportation systems to malicious cyber activity.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Credibility in Question: Meesho Data Breach Claims Echo 2020 Leak
Unconfirmed Meesho Data Breach Surfaces on Dark Web
[Image: Source: Dark Web]

The discrepancies didn't end there. The Cyber Express further analyzed the claims and found inconsistencies within the data itself. Specifically, discrepancies between names and associated phone numbers raised red flags. Given qpwomsx's brief tenure on the platform and apparent credibility issues, discerning the authenticity of the Meesho data breach becomes a daunting task.

However, examining the stolen data paints a perplexing situation, as the majority of the email addresses are valid and deliverable. Along with the emails, the data appears to be a compilation of personal information belonging to individuals, predominantly based in India. Alongside names, email addresses, and phone numbers, additional details such as location and workplace affiliations were also included. However, the presence of "null" values suggests potential gaps or inaccuracies within the dataset.

The IndiaMART Data Breach Link
The Cyber Express has reached out to the e-commerce giant to learn more about this alleged Meesho data leak. However, at the time of writing this, no official statement or response has been shared, leaving the claims for the data breach unverified.

Moreover, parallels emerge between the purported Meesho breach and the 2020 IndiaMART data leak, which exposed sensitive information from over 40,000 suppliers. IndiaMART, a prominent business-to-business e-commerce platform, was also targeted in a cyberattack in 2020. Despite assertions from the company that only basic contact information is publicly available, cybersecurity researchers found an extensive exposure of sensitive data. Interestingly, the stolen data from the IndiaMART data leak is similar to the current Meesho data breach, raising concerns about the authenticity of the leak and the motives behind it.

This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged Meesho data breach or any official confirmation from the Indian e-commerce giant.
Dark Web Hacker Claims to Expose 70K National Parent Teacher Association Records
Dark Web Hacker Discloses National Parent Teacher Association Breach
Among the exposed data are insured data, college information, client lists, medical insurance records, and payment information. This PTA data breach not only poses a threat to the privacy and security of individuals but also raises concerns about the misuse of such sensitive information.

[Image: Source: X]

The impact of this breach extends beyond the confines of the PTA itself, affecting individuals across the United States, particularly in the North American region. With PTA.org being the primary platform for engagement, the breach, if true, can have severe consequences.

The post on BreachForums by the IntelBroker hacker, titled "Parent Teacher Association Database, Leaked - Download!" and timestamped May 13, 2024, provides insights into the extent of the PTA data breach. The threat actor proudly claims responsibility for the breach alongside an entity named GodLike. The data dump shared by IntelBroker reveals intricate details, including identifiers, addresses, contact information, and policy-related data.

Cyberattack on Educational Institutions
The Cyber Express reached out to the National Parent Teacher Association for clarification and response regarding the breach. However, at the time of writing this, no official statement or response has been received.

Moreover, this isn’t the first time a student-centric organization was targeted in a cyberattack. Educational institutions, from K-12 schools to universities, store vast amounts of personal data, making them prime targets for cyberattacks. The educational sector witnessed a 258% surge in incidents in 2023, with 1,537 confirmed data disclosures, often attributed to vulnerabilities like MOVEit. Ransomware remains a major external threat, while internal risks stem from uninformed users and overworked staff. Attacks, primarily financially motivated, exploit the emotionally fraught nature of personal data exposure. Common attacks include data breaches, ransomware, BEC, DDoS, and online invasions. Recent high-profile attacks, like those on the University of Manchester and the University of California, highlight the urgent need for enhanced cybersecurity measures in educational institutions.
R00TK1T Group Intensifies Cyberattacks on Egyptian Firms After Clash with Anonymous Egypt
R00TK1T's Cyberattacks on Egypt Post Anonymous Egypt Confrontation
[Image: Source: Dark Web]

In a declaration on the dark web, R00TK1T proclaimed, "Security Is Just An Illusion, Privacy Is Just Another Illusion." They warned of impending chaos, signaling their determination to disrupt the status quo. Their message resonated with defiance: "F*ck Society & The System! We Are R00TK1T Will Be Anywhere Anytime!"

The Ministry of Supply and Internal Trade was among the first victims that allegedly fell prey to R00TK1T's infiltration, with the group proudly flaunting evidence of their access to the ministry's most secure networks.

[Image: Source: X]

As images surfaced, showcasing the depth of their intrusion, it became clear that R00TK1T's retaliation was not against the hacker group but the whole of Egypt.

R00TK1T Cyberattacks Intensify
[Image: Source: X]

But these cyberattacks on Egyptian companies didn't end there. CorporateStack, a renowned company specializing in digital transformation solutions, also fell victim to an alleged cyberattack by the hacker group. With clients like Bentley, Vodafone, and Hexa, CorporateStack was a prime target for R00TK1T's message: no entity was beyond their reach. The group's infiltration into CorporateStack's systems sent a clear message to businesses operating in Egypt.

This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged cyberattacks on Egypt by the hacker group or any official confirmation from the organizations listed by R00TK1T hackers.

Alleged Hosocongty Data Breach Exposes Vietnamese Job Seekers
Hosocongty Data Breach Exposes Thousands of Job Seekers
Hosocongty.vn, the affected platform, serves as a crucial link between job seekers and employers across Vietnam. Its rapid growth highlights its significance in the country's job market. However, this data breach raises concerns about the security and privacy of the platform's users.

[Image: Source: Dark Web]

Makishimaaaa's relatively low ransom demand and status as a new member of the hacking forum suggest a developing situation. The hacker joined the platform in March 2024 and has since posted 38 times. This calculated move indicates a deliberate attempt to minimize suspicion while maximizing profits from the stolen data.

The compromised database contains a wealth of personal information, including company details, contact numbers, email addresses, and more. Makishimaaaa emphasizes the quality and active rate of the data, reassuring potential buyers of its reliability. However, the ethical implications of purchasing stolen data remain a cause for concern.

The Cyber Express has reached out to the recruitment firm to learn more about this Hosocongty data breach. However, at the time of writing this, no official statement or response has been released, leaving the claims for the Hosocongty data leak unverified.

Cyberattack on the Recruitment Sector
The Hosocongty data breach is indicative of a broader trend of increasing cyberattacks on the recruitment sector. In February 2024, Das Team Ag, a prominent job placement agency in Switzerland and Liechtenstein, fell victim to the Black Basta ransomware group, highlighting the vulnerability of recruitment platforms.

Cyber risks in the digital hiring process have intensified over the years, with cybercriminals targeting sites housing sensitive data, such as employment platforms. The surge in digitalization has exacerbated these threats, necessitating enhanced security measures across industries. Polymorphic attacks, phishing, and malware are among the most prevalent cyber threats facing the recruitment sector, posing risks to both job seekers and companies. As such, users of Hosocongty are urged to exercise vigilance and implement necessary security measures to safeguard personal information.

This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the Hosocongty data breach or any official confirmation from the Vietnamese job portal.

Hacker Offers Data Allegedly Stolen from the City of New York
Alleged City of New York Data Breach Claimed to Include Sensitive Data
The stolen database is allegedly stated to include 199 PDF files, approximately 70MB in size in total. The exposed data includes a wide range of personally identifiable information (PII), such as: Licensee Serial Number, Expiration Date, Applicant or Licensee Name, Trade Name, Street Address, City, Zip Code, Phone Number of Applicant, and Business Email of Applicant. Moreover, the data also reveals sensitive details about building owners, attorneys, and individuals, including their EIN, SSN, and signature.

The threat actor is selling this sensitive information for a mere $30, and interested buyers are instructed to contact them through private messages within BreachForums or through their Telegram handle. The post seemingly includes links to download samples of the data allegedly stolen in the attack.

[Image: Source: BreachForums]

The alleged data breach has far-reaching implications, as it puts the personal information of numerous individuals at risk. The leak of personally identifiable information (PII) and sensitive documents exposes individuals to potential risks of identity theft, fraud, and other malicious activities. The Cyber Express team has reached out to the New York City mayor's official press contact email for confirmation. However, no response has been received as of yet.

pwns3c Earlier Claimed to Have Hacked Virginia Department of Elections
In an earlier post on BreachForums, pwns3c claimed an alleged data breach against the Virginia Department of Elections, compromising at least 6,500 records. The earlier stolen data was also offered for USD 30 in Bitcoin (BTC), Litecoin (LTC), or Monero (XMR) on the dark web.

The Virginia Department of Elections is responsible for providing and overseeing open and secure elections for the citizens of the Commonwealth of Virginia. It is responsible for voter registration, absentee voting, ballot access for candidates, campaign finance disclosure and voting equipment certification in coordination with about 133 of Virginia's local election offices.

The compromised data was allegedly stated to have included sensitive information such as timestamps, usernames, election data, candidate information, and voting method details. However, there has been no official confirmation of the stated incident as of yet.

The breaches claimed by pwns3c, despite their alleged nature, highlight the persistent challenges of securing the websites of government institutions. The sensitive nature of the stolen data, which may allegedly include Social Security Numbers (SSNs), contact information, election-related details, and signatures, underscores the urgency for government websites to strengthen their security measures.
Hacktivist Group R00TK1T ISC Claims Breach of Egyptian Ministry’s Systems
Ministry of Supply and Internal Trade Breach Claims
[Image: Source: X]

The Cyber Express has tried reaching out to the Egyptian ministry to learn more about these alleged Ministry of Supply and Internal Trade data breach claims. However, efforts to verify the intrusion were hampered by communication difficulties, preventing direct contact with the ministry. As a result, the claims made by R00TK1T ISC remain unconfirmed. The website for the Ministry of Supply and Internal Trade seems to be operational at the moment and doesn’t show any immediate sign of the intrusion.

The threat actor has shared several screenshots of the documents pilfered through this intrusion. Talking about the Ministry of Supply and Internal Trade breach in their post, the threat actor said, “We have successfully hacked into The Ministry of Supply and Internal Trade in Egypt, showcasing our deep infiltration into their systems.”

R00TK1T ISC CyberTeam Hacking Spree
Meanwhile, in a separate incident on January 30, 2024, R00TK1T ISC CyberTeam launched an attack on Malaysia's digital infrastructure, further highlighting the global reach and impact of such malicious activities. Their claim to have accessed sensitive information from prominent companies like L'Oreal and Qatar Airways highlights the sophistication and persistence of cyber threats faced by businesses worldwide.

In Egypt, the corporate sector has witnessed a surge in ransomware attacks in recent weeks, posing a significant risk to businesses across various industries. This escalating threat necessitates urgent action to bolster cybersecurity measures and mitigate potential damages. Amid ongoing political and security challenges in the Middle East, Egyptian businesses remain prime targets for cyberattacks, with ransomware emerging as a prevalent threat. The consequences of such attacks, including data loss and reputational damage, highlight the critical need for better defense mechanisms to safeguard against cyber threats.
Australia Faces Unprecedented Cyber Threats Amid Support for Ukraine
Cyber Army Russia Reborn Cyberattack Targets Australia
[Image: Source: X]

Wavcabs, a transportation service, and Auditco, an auditing company, were among the targets of these Cyber Army Russia Reborn cyberattacks. Wavcabs' online services were disrupted, with users encountering connection timeouts when attempting to access the website. Similarly, Auditco faced technical difficulties, as indicated by error code 522 on their site earlier.

[Image: Source: X]

The Cyber Express has reached out to both organizations to learn more about this Cyber Army Russia Reborn cyberattack. Despite the severity of these cyber incidents, both Wavcabs and Auditco have not issued official statements regarding the attacks. The lack of response leaves the claims of Cyber Army Russia Reborn's involvement unverified, highlighting the complexity of attributing cyberattacks to specific actors.

Australia's Support for Ukraine
These assaults on Australian companies occur as the nation reaffirms its support for Ukraine. The Albanese Government's commitment to aiding Ukraine was recently reinforced with a $100 million assistance package. Deputy Prime Minister and Minister for Defence, Richard Marles, revealed the assistance during a visit to Ukraine, where he witnessed firsthand the impact of Russia's aggression.

Australia's $100 million aid package to Ukraine includes $50 million for military assistance, prioritizing Australian defense industry support for uncrewed aerial systems and essential equipment. Another $50 million is designated for short-range air defense systems, alongside the provision of air-to-ground precision munitions. Amidst ongoing cyberattacks on Australia, the nation’s unwavering support for Ukraine highlights the complexities of modern warfare and the critical need for cybersecurity measures.

This is an ongoing story and The Cyber Express will be closely monitoring the situation. We'll update this post once we have more information on these cyberattacks on Australian companies or any official confirmation from the listed organizations.
(SOLD) IntelBroker Traded $20K Crypto For Alleged Unauthorized Cybersecurity Company Access
Alleged Zscaler Data Breach Threatens the Cybersecurity Community
[Image: Source: Dark Web]

The gravity of the alleged Zscaler data breach escalated when rumors emerged surrounding a possible breach within the organization's infrastructure. Allegations circulated that a threat actor was peddling access to the company's systems. In response, Zscaler swiftly took its "test environment" offline for analysis, aiming to ascertain the authenticity of the claims. However, the current update from the hacker stated that the unauthorized access has now been sold. Apart from the update, no further information was provided on the receiver who allegedly purchased the unauthorized access for USD 20,000.

Zscaler has updated its security page, stating, "Zscaler continues to investigate and reiterates there is no impact or compromise to our customer, production, and corporate environments. During the afternoon of May 8, we engaged a reputable incident response firm that initiated an independent investigation. We continue to monitor the situation and will provide additional updates through the completion of the investigation".

[Image: Source: Zscaler]

Initially, Zscaler reassured stakeholders that their investigation yielded no evidence of compromise within their customer or production environments. However, concerns persisted as discussions around the purported Zscaler data breach proliferated online. Users on various platforms debated the authenticity of the claims, with some expressing skepticism while others confirmed the breached organization is the cybersecurity giant.

Zscaler Responds to the Alleged Breach Claims
Amid the uncertainty, Zscaler remained positive, emphasizing its commitment to safeguarding customer and production environments. Updates from Zscaler's Trust site reiterated their dedication to thorough investigation and transparency. While it confirmed the discovery of an isolated test environment exposed to the internet, they highlighted its lack of connectivity to critical systems and absence of customer data.

Talking about the rumors, Zscaler stated that the organization is aware of the claims and they are currently investigating the data. “Zscaler is aware of a public X (formerly known as Twitter) post by a threat actor claiming to have potentially obtained unauthorized information from a cybersecurity company. There is an ongoing investigation we initiated immediately after learning about the claims. We take every potential threat and claim very seriously and will continue our rigorous investigation”, added Zscaler.

Who is IntelBroker?
https://www.youtube.com/watch?v=wXuurLlu25I

IntelBroker is a solo hacker who gained infamy in 2023 for breaching Weee! and leaking data of 11M customers. Allegations hint at a connection to Iranian state entities, though IntelBroker denies it, claiming independence from Serbia. The hacker's focus on US defense suggests state cooperation.

In an exclusive interview with The Cyber Express, the hacker shared information about these operations and himself as a person. Instead of being a full-fledged member of a ransomware group, IntelBroker has been working alone but has collaborated with other hackers in the industry. IntelBroker's targets span national security, government, critical infrastructure, and commerce sectors, executing extensive data breaches without traditional ransomware tactics. The hacker's methods include exploiting vulnerabilities and utilizing the "Endurance-wiper" tool. Transactions predominantly occur in XMR cryptocurrency, ensuring anonymity. The hacker's breaches extend to companies like Razer, AT&T, and Verizon, sparking debates on corporate cybersecurity practices. Despite lucrative gains, IntelBroker advocates transparency in reporting breaches to maintain credibility.
UK-Based Digital Signing Platform SigningHub Denies Cyberattack by IntelBroker
Ascertia Denies Allegations of the SigningHub Data Leak
Following the SigningHub data leak claims, Ascertia responded to the claims via a blog post, stating the SigningHub data breach and source code leak to be false. Allegations arose on May 8th via Twitter/X, claiming unauthorized access to Ascertia's network in December 2023. After thorough investigation, Ascertia confirmed no breach or access to SigningHub's source code. The file posted online purported to be SigningHub's source code was analyzed, revealing no related content.

"The Ascertia IT team simultaneously began a thorough investigation of the Ascertia network security systems and logs. At this time, Ascertia can confirm that there is no unauthorised access from bad actors and has concluded that the claims of a data breach are also false", stated Ascertia.

Simultaneously, Ascertia's IT team examined network security systems and logs, confirming no unauthorized access. Ascertia emphasizes its dedication to information security, GDPR compliance, and robust security measures. Ongoing analysis of network access points and systems ensures product, staff, and client data security.

IntelBroker Claims SigningHub Data Leak
[Image: Source: Dark Web]

The announcement of the SigningHub data breach paints a grim picture of the intrusion and its alleged impact. The post, titled "SigningHub - File Signing SRC Leaked, Download!", was shared by the threat actor while other users commended the hacker for this intrusion, stating the SigningHub code leak was “another great hit”, “top release” and other words of praise.

The Cyber Express has reached out to Ascertia to learn more about this SigningHub data leak. However, at the time of writing this, no official statement or response has been shared apart from the blog post by the parent company Ascertia.

In an attempt to shed light on the operation associated with the hacker, The Cyber Express reached out to IntelBroker for insights into their motivations and methods. In a recent interview, IntelBroker shared details of their hacking journey, affiliations, and previous exploits, highlighting the scale and sophistication of their operations.

The IntelBroker Modus Operandi and Recent Attacks
https://youtu.be/wXuurLlu25I?si=FQYqB3byG3-0lgyr

IntelBroker's track record includes a series of high-profile breaches targeting organizations across various sectors, ranging from aviation and technology to government agencies. Notable breaches attributed to IntelBroker include infiltrations at the Los Angeles International Airport, Acuity, General Electric, DC Health Link, and others, each revealing the extent of vulnerabilities in digital infrastructure.

The alleged breach at SigningHub adds another layer of complexity to the IntelBroker operations as the hacker has claimed multiple data breaches in 2024, highlighting the pressing issue of security. The Cyber Express will be closely monitoring the situation and we’ll update this post once we have more information on the SigningHub source code leak or any official confirmation from the organization.

Hacker Duo Allegedly Strikes HSBC, Barclays in Cyberattacks
Hacker Duo Claims Barclays and HSBC Bank Data Breach
Barclays Bank PLC and The Hong Kong and Shanghai Banking Corporation Limited (HSBC) are the primary organizations reportedly affected by this breach. Both banks operate across the United Kingdom, the United States, and other regions of Europe and North America. The threat actors claim to threaten the banks' systems and likely target customer data; however, there has been no evidence of such data being leaked.

[Image: Source: Dark Web]

In a post on Breachforums, one of the threat actors, IntelBroker, shared details of the Barclays and HSBC Bank data breach, offering the compromised data for download. The post, dated May 8, 2024, outlined the nature of the breach and the types of data compromised, including database files, certificate files, source code, and more. The post also provided a sample of the leaked data, revealing a mixture of CSV data representing financial transactions across different systems or entities.

While talking about the stolen data, IntelBroker wrote that he is "uploading the HSBC & Barclays data breach for you to download. Thanks for reading and enjoy! In April 2024, HSBC & Barclays suffered a data breach when a direct contractor of the two banks was breached. Breached by @IntelBroker & @Sanggiero".
A Closer Look at the Sample Data
A closer look at the sample data reveals three distinct datasets, each containing transaction records with detailed information about financial activities. These records encompass a range of information, from transaction IDs and timestamps to descriptions and account numbers involved. The datasets provide a comprehensive view of various transactions, offering valuable insights for financial analysis and tracking.

The Cyber Express has reached out to both banks to learn more about these alleged data breaches. HSBC Bank has denied these allegations about the breach, stating, "We are aware of these reports and confirm HSBC has not experienced a cybersecurity incident and no HSBC data has been compromised.” However, at the time of writing this, no official statement or response has been shared by Barclays, leaving the claims of a data breach at Barclays unverified.

Moreover, the two hackers in question, IntelBroker and Sanggiero, have claimed similar attacks in the past, targeting various global organizations. In an exclusive interview with The Cyber Express, one of the hackers, IntelBroker, shed light on their hacking activities and the motivations behind their operations. IntelBroker had also praised Sanggiero from BreachForums, stating that “his exceptional intellect and understated contributions to the field are deserving of far greater recognition and respect.”
LockBit Ransomware Targets Wichita City Following Unmasking of Group Leader
Cyberattack on Wichita Post LockBit Leader Arrest
The Wichita cyberattack targeted the official website (wichita.gov), prompting concerns over the security of critical municipal systems. While the ransomware group has not yet released any compromised data, they have set a deadline of May 15, 2024, for its publication. The announcement by LockBit ransomware follows closely on the heels of an earlier notification by the city of Wichita regarding a ransomware attack on May 5, 2024, although the responsible ransomware gang was not initially disclosed. Wichita, the largest city in the state of Kansas, serves as the county seat of Sedgwick County and is a populous urban center in the region. The Cyber Express has reached out to the state government to learn more about this cyberattack on Wichita. At the time of writing, no official statement or response has been received, although the city of Wichita has reported a ransomware attack that targeted various government and private organizations within the city.
Security Update from Wichita: Ransomware Group Remains Unnamed!
According to a press release by the city of Wichita, the recent posts in the city's Cyber Security Incident Update indicate ongoing efforts by the city's information technology department and security partners to address the cyberattack. "Many City systems are down as security experts determine the source and extent of the incident. There is no timetable for when systems could be coming back online. We appreciate your patience as we work through this incident as quickly and as thoroughly as possible", reads the official press release. In the meantime, various city services and amenities have been impacted by the cyber incident, prompting adjustments to normal operations. Water systems remain secure and functional, with provisions in place for those experiencing difficulties paying bills or facing water shut-offs. Transit services, city vendors, park and recreation facilities, licensing procedures, and municipal court operations have all been affected to varying degrees, necessitating alternative arrangements such as cash payments and in-person transactions. Similarly, services provided by cultural institutions, resource centers, planning departments, and housing and community services are also subject to modifications and delays as the city works to address the cyberattack. The city's airport and library services have experienced disruptions to Wi-Fi access and digital infrastructure, although essential operations continue with minimal impact on services provided to the public. This is an ongoing story and The Cyber Express will be closely monitoring the situation. We'll update this post once we have more information on the cyberattack on Wichita or any new updates from the government.
Anonymous Arabia Strikes UAE: Targets Key Entities in Alleged Cyberattack
Anonymous Arabia Not Alone: UAE Hit by Others Too
Anonymous Arabia targeting UAE entities comes on the heels of another purported cyber onslaught attributed to Stormous Ransomware, allegedly affiliated with the notorious Five Families alliance. Stormous has claimed responsibility for targeting a slew of high-profile UAE entities, including Bayanat, the government's sovereign wealth fund's analytics arm; Kids.ae, a digital platform for children; the Telecommunications and Digital Regulatory Authority (TDRA); the Federal Authority for Nuclear Regulation (FANR); and the Sharik citizen portal. While Stormous has not divulged specifics of the attacks, they have directed targets to their blog on the Tor network, hinting at potential data leaks if ransom demands are not met. Prior to these incidents, a much larger cyberattack was claimed by the Five Families alliance, targeting a vast number of UAE entities across various sectors. Governmental and private entities such as the Roads and Transport Authority (RTA), the Ministry of Cabinet Affairs, and several ministries were reportedly compromised.
In this alleged cyberattack, the group demanded a 150 BTC ransom (approximately $6.7 million USD at today's exchange rate), threatening to leak stolen data if the demands were not met. These successive waves of cyberattacks highlight the growing menace posed by ransomware groups to critical infrastructure and government entities. The implications of such attacks are multifaceted and could have far-reaching consequences, including compromised sensitive data, disruptions to essential services, financial losses, and erosion of public trust. The recurrent targeting of UAE entities by ransomware groups raises pertinent questions about the country's cybersecurity posture and the motives driving these malicious actors.
Why UAE is a Target
The UAE's status as a global economic hub and its significant investments in technology and infrastructure make it an attractive target for hackers:
- Financial Gain: Attacks on wealthy nations and prominent organizations offer the potential for substantial financial gains through ransom payments or stolen data.
- Political Motivations: Hacktivist groups may target UAE entities for political reasons, aiming to disrupt government operations or make political statements.
- Critical Infrastructure: The UAE's critical infrastructure, including energy utilities and government services, presents lucrative targets for cybercriminals seeking to cause widespread disruption.
Cyber Alliance Threatens Major U.S. Energy Firms: High Society and Cyber Army of Russia Collaborate
The newly formed alliance known as High Society has declared its affiliation with the notorious threat actor group, Cyber Army of Russia. This alliance has asserted its intentions to target prominent U.S. entities, including the Nuclear Energy Institute (NEI) and the Electric Power Research Institute (EPRI).
High Society made its proclamation via a message posted on a dark web forum, stating, "We are launching a joint attack with friends from the HapoguHaa Cyber Apmua. They are aimed at the US nuclear and electric power industry. At the moment, two of the largest resources in the field have been disabled. Nuclear Energy Institute & Electric Power Research Institute." The dark web message posted by the alliance explicitly stated their actions aimed at disabling key resources in the nuclear and electric power industry, highlighting a brazen attempt to disrupt vital services.
A Proven Track Record: Cyber Army of Russia
Cyber Army of Russia, previously known as Cyber Army of Russia Reborn, has already demonstrated its capabilities with multiple cyberattacks targeting U.S. and European utilities. These cyberattacks, which included manipulation of human-machine interfaces, showcased the group's proficiency in infiltrating and disrupting essential systems. The recent cyberattack on Consol Energy, a prominent American energy company, further solidifies the threat posed by this group, with disruptions extending beyond national borders. Moreover, a few hours before announcing the news of the alleged alliance, High Society boasted of infiltrating Italy's engineering company, TeaTek, and gaining access to its internal servers. A message on the dark web forum by the group stated, "A few minutes ago, we gained access to the servers of a large Italian engineering company TeaTek. At the moment, we have taken full control of the servers. Enemy will be destroyed!"
What Does the High Society Alliance Mean
This alignment of objectives between the two groups suggests a concerted effort to destabilize key sectors of the global economy, posing severe implications for national security and public safety. There may be several potential motives behind this alliance. One possibility is that High Society seeks to disrupt critical infrastructure to sow chaos and gain attention. Such actions could be driven by ideological motivations, aiming to challenge authority or make political statements. Another motive could be financial gain. Cyberattacks on organizations like TeaTek may involve theft of sensitive data or extortion attempts, where attackers demand ransom payments in exchange for returning control of compromised systems. Furthermore, there's the possibility of state-sponsored involvement. While High Society claims affiliation with the Cyber Army of Russia, the extent of official state support, if any, remains uncertain. State actors often utilize proxy groups to carry out cyber operations, providing deniability while pursuing strategic objectives. The implications of these alliances extend beyond mere disruption; they represent a significant challenge to governments, cybersecurity professionals, and organizations tasked with safeguarding critical infrastructure. The interconnected nature of modern systems means that a successful attack on one entity can have cascading effects, amplifying the potential damage and chaos.
Ladakh Social Welfare Department Data Hit By Alleged Cyberattack
A threat actor has claimed to have leaked the database of the Department of Social Welfare Ladakh, Government of India. However, crucial details such as the extent of the attack, data compromise, or the motive behind it remain undisclosed.
The alleged cyberattack on the Department of Social Welfare Ladakh has prompted concerns, yet the authenticity of the claim remains unverified.
Unverified Claim: Cyberattack on Department of Social Welfare Ladakh
Upon investigation of the official website, no signs of foul play were detected, as the website remained fully functional. However, to verify the credibility of the claim, The Cyber Express Team reached out to officials for comment. As of the time of this report, no official response has been received, leaving the claim unverified. Should the claim prove to be true, the implications could be significant, potentially affecting the security and privacy of individuals whose data is stored within the department's database.
Previous Cyberattacks
This incident follows previous cyberattacks targeting government entities in India. In a separate incident, the Rural Business Incubator (RBI) of the Indian state of Uttarakhand was reportedly targeted in a cyberattack linked to the threat actor ZALCYBER. Although the RBI data breach occurred in 2023, it has gained renewed attention due to claims made by the hacker collective on BreachForums. According to assertions made by ZALCYBER, two PDF files containing extensive data linked to the RBI were posted on BreachForums. One of these files includes applicant information, while the other encompasses administrative data. The nature and scale of the data breach raise concerns about the security measures in place to safeguard sensitive information within government entities. Furthermore, in December 2023, an unidentified individual operating under the pseudonym 'dawnofdevil' claimed to have compromised the security of the Income Tax Department of India. The infiltration of such a critical government department underscores the persistent threat posed by cybercriminals targeting governmental institutions. These incidents highlight the pressing need for strong cybersecurity measures within government agencies to mitigate the risk of data breaches and cyberattacks. As digital transformation accelerates and reliance on technology grows, ensuring the security and integrity of government databases and systems becomes paramount. As investigations into these alleged cyberattacks continue, government authorities and cybersecurity professionals must work together to strengthen the resilience of critical infrastructure and protect sensitive data from malicious actors. Timely detection, swift response, and proactive cybersecurity measures are crucial in safeguarding national security and maintaining public trust in government institutions.
Unverified: ANON SEC BD Claims Cyberattack on Saudi Water Facilities
The Saline Water Conversion Corporation of Saudi Arabia became the target of a Distributed Denial of Service (DDoS) attack allegedly initiated by the hacktivist group ANON SEC BD on April 25 at 1119 hours UTC. The group claimed responsibility for the alleged cyberattack on SWCC, citing Saudi Arabia's diplomatic stance in the ongoing conflict in Gaza as their motive.
As evidence of the alleged cyberattack on SWCC, ANON SEC BD furnished check-host reports showing the site's availability status.
Despite the claims, upon inspection of the official website of the Saline Water Conversion Corporation, no signs of foul play were detected, as the website remained fully functional. To further verify the validity of ANON SEC BD's claims, The Cyber Express Team reached out to officials for comment. However, as of the time of writing this news report, no official response has been received, leaving the claim unverified.
Implications of a Cyberattack on SWCC
If indeed proven true, the implications of such an attack could be far-reaching, especially considering the critical role of water treatment plants in ensuring public health and safety. A successful cyberattack on a facility of this nature could disrupt the water supply, leading to significant consequences for communities reliant on it. Without access to clean water, communities would face numerous challenges, including difficulties in maintaining basic hygiene standards, ensuring the safety of food supplies, and providing adequate medical care.
Moreover, disruptions to the water supply could have cascading effects on various sectors, impacting industries, agriculture, and essential services. Industries reliant on water for manufacturing processes would face production delays or shutdowns, leading to economic losses and potential job layoffs. Furthermore, essential services such as firefighting and emergency response rely heavily on access to water. A compromised water supply could hinder the ability of emergency services to effectively respond to crises, putting lives and property at risk. Beyond immediate consequences, the long-term impacts of a cyberattack on a water treatment plant could be profound. Public trust in the safety and reliability of the water supply could be eroded, leading to social unrest.
Previous Targets Highlight Group's Actions
Prior to this incident, ANON SEC BD had also claimed responsibility for targeting the website of Alnassr F.C., a Saudi Arabian football club. These actions demonstrate the group's capability and willingness to target various entities online. DDoS attacks involve flooding a target server with overwhelming traffic, rendering it inaccessible to legitimate users. While DDoS attacks themselves don't typically involve data breaches or manipulation of systems, they can cause significant disruption to services and operations.
Complexity Amid International Tensions
The Saline Water Conversion Corporation plays a crucial role in Saudi Arabia's water infrastructure, particularly in desalination projects aimed at providing clean drinking water to its population. Any disruption to its operations could have serious repercussions, affecting not only domestic water supply but also industries reliant on desalinated water, such as agriculture and manufacturing. The timing of the attack, amid heightened tensions surrounding international conflicts, adds a layer of complexity to the situation. While ANON SEC BD has cited Saudi Arabia's diplomatic stance as their motive, it's essential to note that cyberattacks like these are not uncommon and often stem from a variety of motivations, including ideological, political, or simply seeking attention. For now, the Saline Water Conversion Corporation remains operational, but the incident serves as a reminder of the ever-present threat posed by cyber-attacks and the need for strong defenses against them.
Hacktivists Claim Breach of Belarusian Intelligence Agency
“We do not. We never have. Because we are working to save the lives of Belarusians, not to destroy them unlike the Lukashenko regime,” the Cyber-Partisans said.
More Details on the Belarusian Intelligence Agency Hack
Shemetovets told the Associated Press the group had gained access to the KGB network "several years ago" and had been attempting to breach its website and database ever since. In a Sunday Telegram post, the hacktivists shared more details from the Belarusian intelligence agency hack, publishing excerpts from the 40,000 contact forms filled in by informants and whistle-blowers on the Belarus KGB website over the last nine years. The published informants' data came from several countries, including Poland, Germany, Azerbaijan, Lithuania and Ukraine, the hacktivists said. In one such instance, a Ukrainian citizen said he had "information about the concept and some technical details of a fundamentally new rifle complex ... and the possibility of using a similar system as a modernization of tanks of the T-64, T-72, T-80, T-90 family." With the help of the data exfiltrated from the Belarusian intelligence agency hack, the Cyber-Partisans launched a Telegram chat bot called "facement_bot" that allows identification of KGB operatives. "Send a good quality photo with single face to the bot, and if there is a KGB officer in the image, the bot will return information on them," the Cyber-Partisans said. Shemetovets emphasized that the group's objective is to unveil the truth about political repressions and hold those responsible accountable. While authorities have not issued any official statements regarding the hacktivist claims, the website of the Belarusian KGB said "THE SITE IS UNDER CONSTRUCTION." The Cyber-Partisans last week claimed infiltration of computers at Belarus' largest fertilizer plant, Grodno Azot, as part of efforts to pressure the government into releasing political prisoners. The state-run plant has not commented on the claim, but its website has been inaccessible since April 17.
The Cyber-Partisans claimed to have deliberately disrupted only the boiler unit of the plant, as there were backup sources for power generation. "We had a good understanding of the internal processes of the plant and knew that this would not lead to dangerous consequences for people. But at the same time, we demonstrated our capabilities that we could really manage [with] the operation on Grodno Azot," the Cyber-Partisans said. The Cyber-Partisans have previously also targeted Belarusian state media and, in 2022, launched attacks on Belarusian Railways, disrupting transit routes for Russian military equipment destined for Ukraine. Belarus has been a close ally of the Kremlin and has supported its eastern neighbour in the Russian invasion of Ukraine. Before the start of the offensive, Belarus allowed the Russian Armed Forces to perform weeks-long military drills on its territory. It also allowed Russian missile launchers to be stationed in its territory, which drew a lot of flak from its own people and Ukraine's allies. "We're sending a clear message to the Belarusian authorities," Shemetovets said. "If they continue political repressions, the consequences will escalate. We will persist with our attacks to undermine the Lukashenko regime."
Central Bank Argentina Data Breach: Hackers Allegedly Offer Customer Info for Sale
A threat actor purports to be selling the database of the Central Bank of Argentina on a hackers' forum. The potential Central Bank of Argentina data breach, if proven true, poses serious implications for the financial security and privacy of countless individuals.
According to the dark web post, the database allegedly contains sensitive information, including full customer names, CUIL/DNI (ID) numbers, cities, and phone numbers. Such data, if compromised, could expose individuals to identity theft, financial fraud, and other malicious activities, leading to devastating consequences for both customers and the Central Bank of Argentina. However, amidst the claims, crucial details remain shrouded in mystery. The extent of the cyberattack on the Central Bank of Argentina and the motive behind it have not been disclosed by the threat actor. Without clarity on these critical aspects, the true nature and severity of the Central Bank of Argentina data breach remain uncertain. Adding to the uncertainty is the apparent functionality of the Central Bank of Argentina's official website. Despite the allegations made by the threat actor, the website remains operational, casting doubt on the authenticity of the claim. This discrepancy raises questions about the credibility of the purported database sale and highlights the complexity of navigating the murky waters of cyber threats and disinformation.
Potential Ramifications of the Central Bank of Argentina Data Breach
If the claim of a database breach at the Central Bank of Argentina is indeed verified, the ramifications could be far-reaching. Beyond the immediate financial and reputational damage to the bank itself, the fallout may extend to the broader economy and society at large. The compromised data, containing the personal and financial information of individuals, could be exploited by cybercriminals for various nefarious purposes. From identity theft and fraudulent transactions to targeted phishing scams and extortion attempts, the potential threats are manifold and alarming. Moreover, the integrity and trustworthiness of financial institutions, particularly central banks, are paramount for maintaining stability and confidence in the banking system. Any breach or perceived vulnerability could undermine public trust, erode investor confidence, and destabilize financial markets, with ripple effects reverberating across the economy. The absence of concrete evidence and corroborating details complicates efforts to assess the veracity of the threat actor's claims and formulate an effective response.
Other Cyberattack Claims on Argentina
This claim follows a series of cyber threats targeting Argentina's institutions. In April 2024, a dark web actor allegedly proposed the sale of Telecom Argentina access for $100 on a hacking forum. According to the threat actor’s post, interested buyers could acquire access enabling them to query personal information tied to individuals in Argentina. This included details on services registered under their names, such as routers, with access to data like Public IP and Private IP addresses.
Moreover, in February 2024, the Córdoba Judiciary in Argentina fell victim to a PLAY ransomware attack. The ransomware impacted its websites and databases, making it one of the worst computer hacks on public institutions in the Argentine Republic. The attackers left the websites inaccessible, and to date, there have been no improvements on the compromised systems. Police and cybersecurity specialists are assisting with the investigation to identify the incident's perpetrators. Local sources claim that the ransomware strain "PLAY" infected the government organization's computers. PLAY is a well-known ransomware strain, built specifically to encrypt user data and demand ransom payments to unlock it.
Understanding Argentina's Vulnerability
Argentina's susceptibility to cyber threats stems from various factors. Firstly, the country's heavy reliance on digital infrastructure for its financial and administrative operations makes it a prime target for cybercriminals. Institutions like the Central Bank, with vast databases containing sensitive customer information, are particularly attractive to threat actors seeking to exploit vulnerabilities. Additionally, the emergence of dark web forums and marketplaces has facilitated the sale and exchange of stolen data, providing cybercriminals with an avenue to profit from their illicit activities. The recent claims regarding the sale of the Central Bank's database and Telecom Argentina access underscore the growing sophistication of cyber threats facing the country. In the absence of definitive information, vigilance and caution are imperative. Heightened cybersecurity measures, including enhanced monitoring, threat detection, and incident response protocols, are essential for mitigating risks and safeguarding critical infrastructure and sensitive data. Furthermore, collaboration and information sharing within the cybersecurity community, both domestically and internationally, are vital for staying abreast of emerging threats, sharing intelligence, and coordinating responses to cyber incidents effectively.
Hunters Ransomware Claims Two: Rocky Mountain Sales, SSS Australia Targeted
The notorious Hunters group has allegedly added two new victims to their dark web portal: Rocky Mountain Sales in the United States and SSS Australia. While the extent of the cyberattack, data compromise, and motive behind the attack remain undisclosed by the ransomware group, the implications of such an attack on these prominent organizations could be far-reaching.
Rocky Mountain Sales, Inc., with a revenue of US$5 million, is an outsourced sales and service organization committed to providing leading customer service, sales, and support to all strategic partners. Meanwhile, SSS Australia, boasting a revenue of US$17 million, has been synonymous with the highest standards of quality and value in medical supplies for over 45 years. Given the size of these organizations, if the claims of cyberattacks on Rocky Mountain Sales and SSS Australia are proven true, the consequences could be severe. Not only could it disrupt their operations, but it could also result in substantial financial losses, tarnishing their reputations and undermining customer trust. The potential compromise of sensitive data, such as customer information, financial records, and proprietary business data, could have long-lasting repercussions for both organizations. However, as of now, no signs of foul play were detected upon accessing the official websites of both organizations, as they were fully functional. To verify the claim further, The Cyber Express team reached out to officials, but as of writing this news report, no official response has been received, leaving the claim unverified.
Hunters International Ransomware Group's Previous Claims
This recent incident follows a string of cyberattacks by the Hunters International group. In April, SpaceX, the aerospace manufacturer and space transport services company founded by Elon Musk, allegedly suffered a cybersecurity incident involving a data breach by the Hunters group, who reportedly posted samples of the breached data. Prior to that, Central Power Systems & Services, a major distributor of industrial and power generation products in Kansas, Western Missouri, and Northern Oklahoma, fell victim to the notorious ransomware group. Before these incidents, the group targeted various organizations across different sectors and countries. In 2024 alone, the Hunters International group claimed responsibility for cyberattacks on the Dalmahoy Hotel & Country Club in the UK, Double Eagle Energy Holdings IV, LLC in the US, and Gallup-McKinley County Schools in New Mexico, among others. The cyberattacks by the Hunters International group highlight the need for organizations to prioritize cybersecurity measures and invest in strong defense mechanisms to safeguard their digital assets. Moreover, international cooperation and information sharing among cybersecurity agencies are crucial in combating such threats effectively.
Unverified Hunters Group Claims
While the Hunters International group has claimed responsibility for the cyberattacks on Rocky Mountain Sales and SSS Australia, the lack of verified information about the extent of the attacks emphasizes the challenges in responding to such incidents. Without official confirmation or detailed information from the targeted organizations, the full impact of the cyberattacks remains uncertain. As cybersecurity threats continue to evolve and ransomware attacks become increasingly sophisticated, organizations must remain vigilant and proactive in protecting their networks and data. The recent incidents involving Hunters International serve as a reminder of the potential consequences of inadequate cybersecurity measures.
Moldova Government Hit by NoName Ransomware: Websites Down
The notorious NoName ransomware group this time has allegedly set its sights on Moldova, targeting key government websites in what appears to be a strategic cyberattack. The recent alleged cyberattack on Moldova digital infrastructure has raised concerns over cybersecurity and geopolitical tensions in the region.
The reportedly affected entities in Moldova include vital governmental organs such as the Presidency, Ministry of Foreign Affairs, Ministry of Internal Affairs, and the State Registry, among others. The Moldova cyberattack has left these websites inaccessible, displaying the ominous message, "This Site Can't be Reached."
Political Motives Behind the Cyberattack on Moldova
Although the extent of the cyberattack and the motive behind it have not been explicitly disclosed by the NoName group, a message left by the hackers hints at a political agenda. "We continue to send DDoS greetings to the State website of Moldova in order to discourage the local government from craving for Russophobia," the message reads. This suggests a possible attempt to influence Moldova's foreign policy by targeting its digital infrastructure. The implications of such cyberattacks on Moldova could be profound, affecting not only the government's operations but also the country's stability and security. The ongoing tension between Moldova and Russia adds another layer of complexity to the situation, raising concerns about the potential involvement of state-sponsored actors behind the cyber assault.
NoName Ransomware Group Track Record
This is not the first time NoName has launched such attacks. In March 2024, the group claimed responsibility for targeting multiple websites in Denmark, including key entities like Movia, Din Offentlige Transport, the Ministry of Transport, Copenhagen Airports, and Danish Shipping. Similarly, in January of the same year, NoName targeted high-profile websites in the Netherlands, including OV-chipkaart, the Municipality of Vlaardingen, the Dutch Tax Office (Belastingdienst), and GVB.
Moreover, NoName's recent cyber onslaught on Finland has further escalated concerns. The Finnish government organizations, including Traficom, the National Cyber Security Centre Finland (NCSC-FI), The Railways, The Agency for Regulation and Development of Transport and Communications Infrastructure of Finland, and several subdomains of the Finnish Road Agency, faced temporary inaccessibility due to DDoS attacks.

The sophistication and scale of NoName's operations, combined with their apparent political motives, highlight the urgent need for enhanced cybersecurity measures and international cooperation. The rising frequency of cyberattacks targeting governmental institutions across Europe demands a coordinated response from both national and international cybersecurity agencies.

Furthermore, these incidents serve as a wake-up call for governments worldwide to prioritize cybersecurity and invest in strong defense mechanisms to safeguard their digital assets. The increasing sophistication of cybercriminals, coupled with geopolitical tensions, highlights the need for proactive measures to protect critical infrastructure and ensure the integrity of government operations.

As the investigation into the recent cyberattack on Moldova unfolds, the international community will be closely monitoring the situation, with a keen eye on the implications for regional security and the broader cybersecurity landscape. In an era where cyberspace knows no borders, collective action and cooperation are essential to effectively combat the growing threat of cyber warfare and ransomware attacks.
SpaceX Data Breach Back From the Dead: Hunters International Posts Alleged Stolen Information
Hunters International shared samples and databases supposedly linked to SpaceX, including access to 149.9 GB of data. This database, originally associated with the initial SpaceX data breach linked to LockBit, was traced back to a third-party supplier within SpaceX's supply chain, specifically a manufacturing contractor based in Texas.
Through infiltration of the vendor's systems, LockBit allegedly gained control of 3,000 drawings or schematics verified by SpaceX engineers.

SpaceX Data Breach Resurfaces on the Dark Web
[Image: Source: X]

Interestingly, the threat actor's post also claims that the intrusion behind the SpaceX data breach extended to an undisclosed GoPro development environment. Adding another layer to the intrigue, recent events in April 2024 reveal the Cactus ransomware group's purported targeting of Aero Dynamic Machining, Inc., a US-based aerospace equipment manufacturer. The group alleges to have extracted a staggering 1.1 TB of data, encompassing confidential, employee, and customer information from industry giants like Boeing, SpaceX, and Airbus. Subsequently, the group leaked 5.8 MB of compressed data, containing agreements, passports, shipping orders, and engineering drawings, further intensifying the gravity of the situation.

The Cyber Express has reached out to SpaceX to learn more about the data breach claims made by the Hunters International group. However, at the time of writing, no official statement or response has been received, leaving the claims of a SpaceX data breach unverified. Moreover, the SpaceX website appears to be operational at the moment and doesn't show any immediate sign of the attack or data breach, suggesting a likelihood that the data shared by Hunters International may indeed stem from the 2023 breach.

How the LockBit Ransomware Group Breached SpaceX
In March 2023, the LockBit ransomware group infiltrated a third-party manufacturing contractor in Texas, part of SpaceX's supply chain, seizing 3,000 certified drawings and schematics created by SpaceX engineers. LockBit directly addressed SpaceX CEO Elon Musk, demanding ransom payment within a week under the threat of selling the stolen blueprints. The gang's audacious move aimed to profit from the sensitive data, regardless of the vendor's response. Despite concerns over compromised national security and the potential for identity theft, SpaceX has not confirmed the breach, leaving the claims unresolved.

This breach, along with the reappearance of leaked data from previous incidents, highlights the persistent threat of cyberattacks on critical infrastructure. It sheds light on the urgent need for robust cybersecurity measures to safeguard against such breaches, as the ramifications extend beyond financial loss to encompass broader security implications.

The reappearance of data from last year's SpaceX data breach is raising significant concerns. This recurrence poses a serious threat to the personal and financial security of millions, potentially exposing them to the risks of identity theft and fraud. Notably, despite the breach being initially reported last year and now resurfacing, SpaceX has yet to confirm the incident, leaving the claims unverified.
St-Jerome Company Targeted in Alleged Ransomware Attack by Everest Group
The infamous Everest ransomware group has struck again, this time targeting Les Miroirs St-Antoine Inc., a longstanding company based in the St-Jérôme region. As of now, the extent of the data breach, the level of data compromise, and the motive behind the cyberattack on Les Miroirs St-Antoine remain undisclosed by the ransomware group.
Founded in 1956, Les Miroirs St-Antoine is a family-owned business specializing in the design, manufacturing, installation, and repair of glazing and aluminum products for the commercial, industrial, and institutional sectors. However, the company is now allegedly facing the daunting challenge of navigating the aftermath of the Les Miroirs St-Antoine cyberattack.
Cyberattack on Les Miroirs St-Antoine Remains Unverified
The Everest ransomware group has issued a chilling ultimatum, stating that Les Miroirs St-Antoine Inc. has 24 hours to contact them using the provided instructions. Failure to comply will result in the publication of all stolen data. "Company has the last 24 hours to contact us using the instructions left. In case of silence, all data will be published here," reads the post by the Everest ransomware group. This tactic, known as double extortion, is characteristic of the group's modus operandi.

[Image: Source: X]

To investigate further, The Cyber Express Team (TCE) attempted to access Les Miroirs St-Antoine's official website and found it fully functional, indicating no immediate visible signs of compromise. However, this does not discount the possibility of covert access to sensitive company data. TCE has reached out to company officials for clarification but has yet to receive an official response.

The Everest ransomware group has been a prominent threat in the cybersecurity landscape since December 2020. Operating primarily in Russian-speaking circles, the group targets organizations across various industries and regions, with high-profile victims including NASA and the Brazilian Government.

The Persistent Threat of Everest Ransomware
Known for its sophisticated data exfiltration techniques, Everest ransomware often demands a ransom in exchange for not only decrypting the victim's files but also for refraining from releasing stolen information to the public. This approach maximizes pressure on victims to pay up, as the consequences of data exposure can be severe. Experts have linked Everest ransomware to other notorious cyber threats, such as the Everbe 2.0 and BlackByte families. The group employs a range of tactics, including leveraging compromised user accounts and exploiting Remote Desktop Protocol (RDP) for lateral movement within targeted networks.

The Everest ransomware's reach extends beyond private corporations, as they have also targeted government offices in various countries, including Argentina, Peru, and Brazil. This demonstrates the group's audaciousness and their willingness to target entities regardless of their size or prominence.

The cyberattack on Les Miroirs St-Antoine Inc. highlights the urgent need for organizations to enhance their cybersecurity defenses. This includes implementing strong security measures, conducting regular vulnerability assessments, and providing comprehensive employee training to mitigate the risk of human error. Furthermore, proactive monitoring and threat intelligence sharing among organizations can help identify and respond to potential cyber threats more effectively. Collaboration between the public and private sectors is essential in combating cybercriminals like the Everest ransomware group. In conclusion, the ransomware attack on Les Miroirs St-Antoine Inc. serves as a reminder of the ever-present threat posed by cybercriminals.

Ransomware Group BlackBasta Targets TRUE Solicitors
TRUE Solicitors LLP, a prominent law firm based in the UK specializing in personal injury claims and employment law, has fallen victim to an alleged cyberattack by the notorious BlackBasta ransomware group. The ransomware group announced the cyberattack on TRUE Solicitors but provided no further details regarding the extent of the breach or the compromised data.
TRUE Solicitors LLP is renowned for its dedicated team of solicitors who provide high-quality legal representation to clients seeking compensation for personal injuries and assistance with various legal matters.

Cyberattack on TRUE Solicitors: Unverified
To verify the claim made by the BlackBasta ransomware group, The Cyber Express Team attempted to access the official website of TRUE Solicitors LLP. However, the website was found to be fully operational, casting uncertainty on the authenticity of the ransomware group's announcement. Until an official statement is released by the firm, the truth behind the TRUE Solicitors cyberattack claim remains elusive.

This is not the first time the BlackBasta ransomware group has made headlines. In 2024, the group targeted Leonard’s Syrups, a cherished family-owned beverage company in Michigan. The cyberattack on Leonard’s Syrups, announced on a dark web forum, left many questions unanswered, with crucial details about the breach, compromised data, and motives withheld by the cybercriminals. In another incident, the BlackBasta ransomware group claimed two new victims: Southern Water and Asahi Glass Co. While details about the extent of the attacks, compromised data, and motives remain undisclosed, the urgency of the situation is highlighted by the ransomware group's ominous deadline for data exposure.

Implications of TRUE Solicitors Cyberattack
If the claim made by the BlackBasta ransomware group regarding the cyberattack is proven true, the implications could be significant. The compromise of sensitive legal information and client data could have far-reaching consequences, not only for the firm but also for its clients and partners.

As investigations into the cyberattack on TRUE Solicitors LLP continue, stakeholders await an official statement from the firm regarding the breach and its impact. Until then, the industry remains on high alert, bracing for potential fallout from yet another audacious move by the BlackBasta ransomware group. Only time will tell whether the claim is true or if it is another attempt by cybercriminals to sow fear and uncertainty.
BSNL Leaked Data Resurfaces with 2.9 Million Records Exposed on Dark Web
The 2024 BSNL Data Breach Claims Surface on BreachForums
[Image: Source: Dark Web]

The leaked data, according to Perell's post on the forum, includes sensitive information from BSNL, a major player in India's telecommunications sector. While the exact reason for the resurfacing of data from 2023 is unknown, Perell shared a link on BreachForums for the stolen data, stating that the "following list of databases would be exfiltrated." Discussions on BreachForums suggest that the recently leaked data, claimed to be from BSNL in 2024, actually dates back to 2023. Despite its age, the data remains a significant concern due to its large volume and sensitive nature. The decision to leak the same data again in 2024 is puzzling and raises questions about the motives behind this move.

[Image: The earlier post shared by the threat actor in December 2023.]

The seriousness of the situation is highlighted by the fact that the compromised data from 2023 was posted on the same forum without any clear evidence of communication between the hacker and Bharat Sanchar Nigam Limited (BSNL), and it's uncertain whether a ransom was demanded or paid. Like the current incident, the original post focused solely on revealing the data of 2.9 million users, indicating a deliberate effort to exploit and profit from the breach.

The Cyber Express has reached out to the Indian telecommunication giant to learn more about the authenticity of the data being shared by the threat actor. However, at the time of writing, no official statement or response has been shared, leaving the claims made by the threat actor unverified.

The Far-reaching Consequences of the BSNL Database Leak
Following initial reports of the BSNL data leak in December last year, experts expressed concerns about the implications of the incident. Saket Modi, CEO of the cyber risk management startup Safe Security, commented to the Economic Times that the nature of the hack suggested it was likely carried out by an individual rather than an organization. Modi pointed out that the claim of approximately 2.9 million records being compromised suggested that the breach might involve a single website. Additionally, Kanishk Gaur, founder of India Future Foundation, spoke to the Indian media about the wider consequences of the breach, emphasizing its significant impact on both BSNL and its customers.

The reappearance of data from last year's BSNL data breach raises serious concerns. This leak threatens the personal and financial security of millions, potentially leading to identity theft and fraud. Notably, despite the breach first surfacing last year and reemerging now, BSNL has yet to confirm the incident, leaving the claims unverified. The Cyber Express has contacted BSNL for comment and is currently awaiting their response. Updates to this story will be provided as more information becomes available.
Qiulong Ransomware Group Targets Brazilian Surgeon Dr. Willian Segalin, Citing Privacy Concerns
Dr Willian Segalin Cyberattack Claims Surface on Dark Web
The ransomware group's post on the dark web revealed sensitive information allegedly extracted from Dr Willian Segalin's website, including images of nude patients, confidential personal data, and financial information. The group's message admonished Dr Willian for purportedly neglecting patient privacy and urged him to take action to safeguard sensitive information.

[Image: Source: chum1ng0 on X]

“Dr. Willian, if you care about your patients' data and privacy, stop driving your Mustang around like a negligent doctor and avoid remaining silent”, reads the threat actor's post.

[Image: Source: chum1ng0 on X]

The cyberattack on Dr Willian Segalin is not an isolated incident. Within the same timeframe, the Qiulong ransomware group targeted three other Brazilian organizations, including two related to plastic surgery and one car dealership. The Cyber Express has reached out to the plastic surgeon's office to learn more about the authenticity of the cyberattack on Dr Willian Segalin. However, at the time of writing, no official statement or response has been received.

Qiulong Ransomware Group Targets Multiple Victims in Brazil
The Qiulong ransomware group's recent cyberattacks extend beyond Dr. Willian Segalin, affecting three other Brazilian entities. The group's posts on the dark web highlight their grievances against these victims, accusing them of neglecting patient privacy and data protection.

[Image: Source: chum1ng0 on X]

One victim, Dr. Andrea Rechia, a plastic surgeon, faced criticism for allegedly disregarding patient privacy despite numerous attempts to reach out. The group's post includes sensitive information about the clinic's operations and contact details. Similarly, Dr. Lincoln Graça Neto, another plastic surgeon, was targeted by the ransomware group. The post exposes the clinic's location and amenities but condemns Dr. Lincoln for purportedly neglecting patient data security. The final victim, Rosalvo Automóveis, a car dealership, faced data exposure threats, indicating potential repercussions from the cyberattack. While specific details about the data breach are not provided, the post suggests imminent data exposure.
Glints Data Breach: Alleged Leak of Sensitive Employee Data from Singapore’s Recruitment Platform
Understanding the Glints Data Breach Claims
The exposed data includes sensitive details such as names, employee IDs, designations, email addresses, dates of birth, physical addresses, national ID numbers, and even bank account information. Samples of these records were provided by the threat actor, adding weight to the claims.

[Image: Source: Dark Web]

The impact of this Glints data leak extends to Glints Pte Ltd and Glints Singapore Pte Ltd, two entities closely associated with the recruitment platform. With Singapore as the focal point of this incident, concerns are raised about the potential misuse of this data, especially within the professional services industry. The post attributed to sedapmalam on BreachForums explicitly lists a vast array of information, including employee IDs, job positions, bank details, and even personal contact details. This comprehensive data dump highlights the severity of the alleged breach and the potential risks faced by those affected.

Response to the Breach and Vulnerability Assessment Program
The Cyber Express has reached out to the recruitment platform to learn more about the authenticity of the Glints data leak. However, at the time of writing, no official statement or response has been shared, leaving the claims by sedapmalam largely unverified.

Interestingly, while the Glints website appears to be operational, there are no immediate indications of a cyberattack on the front end. This suggests that the threat actor may have targeted the organization's database directly, circumventing traditional security measures. Notably, Glints has a dedicated service page inviting security researchers to identify vulnerabilities within its platform. While neither the recruitment firm's data breach nor any connection to its vulnerability assessment program has been verified, the alleged leak raises the question of whether the stolen data originated from that program or was simply republished on the dark web platform.

As the investigation into the Glints data breach unfolds, The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the Glints data breach or any official confirmation from the organization.
8Base Ransomware Group Launches Cyberattack on Bieler Lang GmbH, Threatens Data Leak
Analyzing the Bieler Lang GmbH Cyberattack and Other Intrusions
This cyberattack has significant implications for Bieler Lang GmbH. However, other organizations, including FEB31st, Wasserkraft Volk AG, Speedy France, and The Tech Interactive, are facing the same allegation from the threat actor, highlighting the scope of the campaign and the threat actor's unclear intentions.

[Image: Source: X]

The Bieler Lang GmbH cyberattack was posted on the threat actor’s data leak site, and several screenshots were posted about the organization and the data stolen in the attack. In 8Base’s words, the threat actor said they have uploaded “invoices, receipts, accounting documents, personal data, A huge amount of confidential information”, and other personal data about the organization. The Cyber Express reached out to Bieler Lang GmbH for further details regarding the incident. However, as of now, no confirmation or denial has been issued by the organization, leaving the claims of the cyberattack on Bieler Lang GmbH unverified.

The Anonymity of the 8Base Ransomware Group
Despite the cyber intrusion, the website of Bieler Lang GmbH appears to be operational, showing no immediate signs of the attack. However, it's important to note that 8Base operates not solely as a ransomware operation but as a data-extortion cybercrime group. They have gained notoriety for targeting similar companies and posting about their exploits on data leak sites. While the origins and identities of the 8Base operators remain unknown, cybersecurity experts emphasize that their recent surge in activity indicates a well-established and mature organization. With a history of targeting companies that neglect data privacy, the group presents a challenge to cybersecurity efforts globally.

As for the Bieler Lang GmbH cyberattack, this is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information about the attack or any official confirmation from the organization.
Family-Owned Music Store Targeted: MEDUSA Ransomware Strikes Ted Brown Music
Decoding the Ted Brown Music Cyberattack Claims
[Image: Source: X]

Transitioning to more tangible information, the post provides details about Ted Brown Music, including its rich history, family ownership, and corporate address in Tacoma, Washington. With 95 employees and a distressing disclosure of 29.4 GB of leaked data, the magnitude of the alleged breach becomes all too apparent. The ransom demands escalate, starting at $10,000 to add one more day before the data gets published. Similarly, by paying $300,000, the threat actor will “delete all data” or the organization can “download all data” again. The message concludes with the numeral "23", which appears to indicate the number of viewers who have seen the data.

The Cyber Express has reached out to the organization to learn more about this cyberattack on Ted Brown Music. However, at the time of writing, no official statement or response has been received, leaving the claims of a Ted Brown Music cyberattack unverified.

The Rise of MEDUSA Ransomware Group
The cyberattack on Ted Brown Music follows a list of cyberattacks faced by the music industry. According to Gitnux, the sector grapples with an alarming rate of cyber attacks, with breach detection often taking months and the average cost of an attack skyrocketing. Among these cyberattacks, the MEDUSA ransomware group has grown into a sophisticated cybercrime group.

Emerging as a ransomware-as-a-service (RaaS) platform in late 2022, Medusa gained infamy in 2023, primarily targeting Windows environments. The threat actors operate a site where they expose sensitive data from organizations that refuse to meet their ransom demands. Employing a multi-extortion approach, they offer victims choices like extending deadlines, deleting data, or downloading it, each option coming with a price. In addition to their Onion site, they use a Telegram channel named “information support” to publicly share compromised files, making them more accessible.

As for the cyberattack on Ted Brown Music, this is an ongoing story and The Cyber Express will be monitoring the situation. We’ll update this post once we have more information on the alleged attack or any confirmation from the organization.
Consol Energy Targeted in Cyberattack: Russian Cyber Army Claims Responsibility
Alleged Consol Energy Cyberattack Claims by Pro-Russian Hackers
[Image: Source: Falcon Feeds on X]

The threat actor's post suggests a motive behind the attack, citing Consol Energy's role as a competitor in the European energy market and its alleged benefits from the conflict in Ukraine. The Cyber Express has reached out to the organization to verify the authenticity of the alleged Consol cyberattack. However, at the time of writing, no official statement or response has been received, leaving the claims of an alleged Consol cyberattack unverified.

[Image: Source: X]

Interestingly, this isn't the first time Consol Energy has been targeted by cyber threats. In 2023, the Cl0p ransomware group claimed responsibility for a similar attack on the company. Despite these incidents, Consol Energy continues to post on its social media channels and is contributing to the country's power supply.

In the wake of the cyberattack, financial analysts are observing the impact on Consol Energy's stock performance. Justin Spittler, Chief Trader at Hedge_Your_Risk, shares insights into coal stocks, highlighting CONSOL Energy's resilience despite a recent decline.

[Image: Source: Justin Spittler on X]

However, the extent to which the cyberattack influenced this decline remains uncertain, pending official statements from the company.

Cyber Army Russia Reborn and Ongoing Investigation
The cyberattack on Consol Energy is part of a broader trend of cyber threats targeting energy companies worldwide. Just last month, Cyber Army Russia Reborn claimed responsibility for cyberattacks in Slovenia, targeting government bodies and the public broadcaster. In a video message, the group implied that the attacks were due to Slovenia's backing of Ukraine. Voiced in Slovenian and circulated by local news, the message urged Russians and Slovenians not to harbor animosity, citing shared heritage.

This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged attack or any official confirmation from Consol Energy.
Alleged Luxor Data Breach: Sensitive Information from Indian Stationery Giant Leaked
Alleged Luxor Data Breach Exposes Sensitive Database
[Image: Source: Dark Web]

The Luxor data breach included information about individuals registered on Luxor's website, implying that the leaked data could be authentic. If the stolen data turns out to be genuine, the Luxor data leak could lead to loss of trust, financial losses, reputational damage, identity theft, operational disruption, and potential fraud, impacting not only the company but also its customers and stakeholders. Luxor Writing Instruments Private Limited and Luxor International Private Limited, the entities allegedly affected by the breach, are notified about the breach. With operations spanning the Indian subcontinent, Luxor's breach has ramifications not only for its domestic clients but also for its customers and partners across the Asia-Pacific (APAC) region.

Moreover, postmaster's motives remain unclear, as the hacker has not shared any intent or motivation regarding the breach, and the stolen data seems to be limited to customers only, as it contains data from Gmail accounts rather than the organization’s business accounts.

Decoding the Luxor Data Breach Leak
In a public post attributed to postmaster, the threat actor provided insights into the Luxor data breach, describing Luxor as the "brand leader in the Indian Writing Instrument Industry." The post included details such as the file name (luxor.in.sql) and size (692 MB uncompressed), offering a glimpse into the scale of the data compromised. The leaked data appears to consist of billing information or transaction records, organized into distinct entries featuring various fields. These fields likely include identifiers, timestamps, numerical values, and textual data, indicating a comprehensive system for managing billing-related activities. The Cyber Express has reached out to the organization to learn more about the authenticity of this Luxor data leak. However, at the time of writing this, no official statement or response has been received, leaving the claims for the Luxor data breach stand unverified. This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged Luxor data breach or any official confirmation from the organization. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.- Cybersecurity News and Magazine
- US Atlantic Fisheries Commission Goes Offline: Ransomware Attack or Routine Maintenance?
US Atlantic Fisheries Commission Goes Offline: Ransomware Attack or Routine Maintenance?
Atlantic States Marine Fisheries Commission: Officials were Given a Four-Day Deadline
(Image source: Shutterstock)
On April 15th, the 8Base ransomware group asserted on its official leak site that it had obtained information such as personal data, invoices, receipts, accounting documents and certificates. The group gave the organization a deadline of four days to pay the ransom, warning that if the ransom was not paid by April 19th, it would release the data. Of particular concern is the extent of the alleged data breach, given the nature of the data stored on the ASMFC's website, which includes confidential information on fishery management, nearshore fish species, habitat conservation efforts and law enforcement initiatives. For a while, the commission's official website displayed a notice instructing users to use a different address and phone number temporarily while its official services remained down. While its email services seem to have been restored, as the notice is no longer displayed, it is uncertain whether the disruption was due to the alleged attack, a routine maintenance effort, or something else.
(Image source: archived copy of the official site, asmfc.org, displaying the earlier notice.)
The Cyber Express reached out to the ASMFC for further details and confirmation regarding the ransomware gang's claims, but had not received a response at the time of writing this report.
8Base Ransomware Group Shares Similarity with Other Groups
The ransomware group that claimed this cyberattack has been a notorious threat actor on the dark web, sharing similarities with other threat actors of comparable prowess. In 2023, researchers from VMware reported that they had discovered significant similarities between the operations of 8Base and RansomHouse. These included a 99% similarity match in ransom notes between the groups, as well as similarities in the verbiage on the leak sites' welcome page, terms of service page and FAQ page. Other similarities were also noted between 8Base and the Phobos threat actor group, raising questions about the relationships between these groups and the degree of collaboration or independence. Beyond the possible cyberattack on the Atlantic States Marine Fisheries Commission (ASMFC), the water industry saw many cyberattacks in 2023. In September 2023, another joint U.S.-Canada water body, the International Joint Commission, was hacked by NoEscape. That group had stolen and encrypted similar confidential data, including contracts, legal documents, personal details of employees and members, and financial and insurance information. These incidents highlight the need for robust measures within organizations responsible for managing vital resources and essential sectors.
Caught in the Crossfire: Jordan’s Cyber Defenses Tested Amid Israel-Iran Clashes
Cyberattacks on Jordan Amidst Public Outrage
(Image source: X)
Jordanian authorities are dealing with reports of cyberattacks while also facing public criticism for their decision to support Israel against Iran. The organizations suspected to be affected include the Jordan Stock Exchange and the Jordanian Water Company Yarmook.
(Image source: X)
The gravity of the Jordan cyberattacks was highlighted when the hacker group threatened to leak sensitive information pertaining to more Jordanian companies. This warning, coupled with the release of sample documents, further exacerbated the situation in the country. Amidst the chaos, the cyber assailants remain elusive, evading detection as they exploit vulnerabilities in Jordanian organizations. The leaked sample data allegedly comprises sensitive documents and information, including financial auditing reports for companies like Jordan Steel, insights into Jordan's alleged assistance to Israel against Iranian threats, and documents from other Jordanian entities. The Cyber Express has reached out to the listed victims to learn more about these cyberattacks on Jordan. However, at the time of writing, no official statement or response has been received, leaving the threat actor's claims unverified.
Jordanians Display Insurgency Against the Government
The ramifications extend beyond Jordan's borders, intersecting with the broader geopolitical landscape of the region. Reports of Jordan's assistance to Israel in countering Iranian threats have triggered uproar and dissent within the country, where the public feels betrayed by its government. The fallout from these events reverberates across social media platforms, fueling speculation and resentment. Accusations of betrayal and collusion with Israel dominate online discourse, painting a portrait of disillusionment and discontent among Jordanians. Jordan is reportedly experiencing public outrage for supporting Israel against an Iranian attack, and misinformation regarding the king's role is being circulated online. Many Jordanians feel betrayed by their government's stance, resulting in significant anger and protests against the alliance with Israel. Amidst the chaos, Jordan's vulnerabilities are laid bare once again, with an unfamiliar hacker group claiming cyberattacks on multiple organizations at once. This intrusion, though unconfirmed, highlights the current situation in the Middle East, where hackers, governments, and the public are taking sides while war disrupts the livelihoods of ordinary citizens. This is an ongoing story and The Cyber Express will be monitoring the situation. We’ll update this post once we have more information on the alleged cyberattacks on Jordan or any official confirmation from the listed organizations.
RansomHouse Allegedly Strikes Lopesan Hotels: 650GB Data Breach Unfolds
RansomHouse Group Shares Details on the Lopesan Hotels Cyberattack
The Cyber Express has reached out to the hotel group to learn more about this Lopesan Hotels cyberattack. However, at the time of writing, no official statement or response has been received, leaving the claims of this intrusion unverified. Alongside its claim of the cyberattack, the hacker group added that the hotel chain is failing to resolve the situation, stating, "Dear Lopesan Hotel Group, We are sure that you are not interested in your confidential data to be leaked or sold to a third party. We highly advise you to start resolving that situation." Moreover, RansomHouse shared a link to the downloadable data that does not require any password, making the data available to all users of the data leak site.
RansomHouse Group is Known to Target High-Value Targets
The ransomware gang that claimed this attack began as a ransomware-as-a-service operation that emerged in late 2021 with active attacks against the networks of large enterprises and high-value targets. RansomHouse initially targeted Italy, but later began targeting countries such as the United States and Spain. The group primarily tends to target the industrial and technology sectors and set up a victim extortion page in May 2022. In the words of RansomHouse representatives, the group claims not to encrypt data and to be 'extortion only,' describing itself as a ‘force for good’ that intends to ‘shine a light’ on companies with poor security practices. The group has been observed accepting only Bitcoin payments. The group's operations tend to be smaller and more sophisticated than those of some of the bigger contemporary ransomware groups. They are known to recruit members on prominent underground marketplaces and to use a Tor-based chat room for ransom negotiations. Since the group tends to conduct extortion-only attacks, its techniques tend to be stealthier and quicker, as no encryption process occurs and typical ransomware detection triggers are avoided.
RansomHouse Group Was Responsible for Massive Data Breaches
The RansomHouse group recently developed a new tool dubbed 'MrAgent' that targets VMware ESXi hypervisors, which typically house valuable data. The group targeted several large organizations over the past year. Their campaigns include the theft of 450 GB of data from the semiconductor giant AMD, an attack disrupting the healthcare services of the Hospital Clínic de Barcelona in Spain, and an attack on Shoprite, Africa's largest supermarket chain. The sophistication of the RansomHouse group's campaigns and the scale of their attacks demand heightened vigilance and proactive defense strategies to safeguard against similar breaches, despite the group's claims to be a positive force. As for the Lopesan Hotels cyberattack, this is an ongoing story. The Cyber Express will be monitoring the situation and we'll update this post once we have more information on this alleged attack or any official confirmation from Lopesan Hotels.
IntelBroker Claims Channel Logistics LLC Data Breach: Space-Eyes Division Allegedly Impacted
IntelBroker Alleges Channel Logistics LLC Data Breach
(Image source: Dark Web)
Among the sample files shared by the hacker, one particular concern is the discovery of email addresses linked to various US government entities within the leaked data. However, due to limited information, it has been challenging to ascertain the precise extent of the breach and its implications for these organizations. Space-Eyes, a division of Channel Logistics LLC, specializes in technology services, with a focus on national security. The leaked documents reportedly include highly confidential information related to services provided to prominent US government agencies such as the Department of Justice, the Department of Homeland Security, and the US military branches. The Cyber Express has reached out to Channel Logistics LLC to learn more about this alleged Space-Eyes data leak. However, at the time of writing, no official confirmation or denial has been shared, leaving the claims of a Channel Logistics LLC data leak unconfirmed.
Cyberattack on BreachForums' Clearnet Site
Upon further investigation, The Cyber Express found that the organization's website appears to be operational, showing no immediate signs of the reported breach. Moreover, BreachForums, the platform where IntelBroker disclosed the alleged breach, has faced its own set of challenges. The clearnet site of BreachForums is currently inaccessible, with the administrator, Baphomet, issuing a statement acknowledging the suspension of the domain. Users have been advised to access the platform via Tor until the issue is resolved, leaving clearnet users without access to the sample data provided by the hacker. Additionally, BreachForums may have been targeted by a distributed denial-of-service (DDoS) attack. R00TK1T, in conjunction with the CyberArmyofRussia, has claimed responsibility for the attack and threatened to publish the IP and email addresses of users. Despite this, the Tor address of BreachForums remains functional and accessible to Tor users. As for the Channel Logistics LLC data breach, this is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged Channel Logistics LLC data leak.