Weekly Cyber Digest

26 May 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
TensorFlow
Cisco IOS XR
Mozilla Thunderbird
Siemens JT2Go
RPM
Deep & Dark Web
Name Heat 7
Google Chrome Browser
Adminer
BusyBox
Apache Tomcat
Windows Defender SmartScreen

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
Atlanta Perinatal Associates (US) | Vice Society added the healthcare entity to their leak site on May 19th, 2022. The leaked files likely contain patient records; however, files from electronic medical records or the billing system are thought not to be included. Possibly exposed data includes names, dates of birth, patient ID numbers, and more. | Unknown
Nikkei Group Asia (Singapore) | A ransomware attack occurred when unauthorised access to a server was detected on May 13th, 2022. The affected server likely contained customer data. | Unknown
Fronteo USA (US) | A ransomware attack occurred on May 11th, 2022. Cuba ransomware operators claimed responsibility and posted stolen files on the company’s hacked website. These included financial documents, correspondence with bank employees, account movements, balance sheets, tax documents, compensation, and source code. | Unknown
Fort Sumner Municipal Schools (US) | On May 19th, 2022, the district confirmed they suffered a cyberattack. The Cl0p ransomware leak site displayed sensitive information from students, faculty members, and parents, including scans of driver’s licences and more. | Unknown
Trust Stamp (US) | The company left the personal information of several dozen people unsecured on a breached database, after publicly posting credentials that could be used to access the Trust Stamp demo app’s API. Included in the database are names, dates of birth, home addresses, and driver’s licence data. | Unknown
Ministry of Interior (Israel) | The ministry illegally shared the biometric data of millions of citizens with another government agency between 2015 and March 2022. The agency in question remains unknown. | Unknown
Chicago Public Schools (US) | A ransomware attack against their vendor, Battelle for Kids, on December 1st, 2021, exposed four years’ worth of records of students and employees. Basic information, including students’ dates of birth, was exposed. | ~560,000
Texas Department of Transportation (US) | On the weekend of May 21st, 2022, two posts were made on a hacking-related forum that suggested the department’s portal for the certified payroll system for contractors had been hacked. The posts included screenshots of an employee’s setup and listings of a contractor’s projects. Files provided as proof to Databreaches[.]net contained an employee list report for a named contractor, consisting of over 18,000 pages and information on more than 9,250 contractor employees. | Unknown
General Motors (US) | A credential stuffing attack occurred between April 11th and April 29th, 2022. The incident exposed some customers’ information and allowed hackers to redeem rewards points for gift cards. Potentially compromised information includes names, email and physical addresses, profile pictures, and more. | Unknown
People’s Police (China) | USA Today revealed details of the so-called ‘Xinjiang Police Files,’ reportedly obtained by a hacker from computer systems of two local police agencies in Konasheher and Tekes. The files include over 5,000 photos of what appear to be Uyghur people taken at police facilities, databases, transcribed speeches by the Chinese Communist Party, charges against the detainees, and more. | Unknown
FPS Medical Center (US) | The healthcare provider’s systems were encrypted with malware and consequently accessible to an unknown actor between February 29th and March 3rd, 2022. Potentially compromised data includes names, addresses, dates of birth, driver’s licences, medical information, health insurance information, and Social Security numbers. | 28,024
Regional Eye Associates (US) | An individual gained access to their vendor’s system on December 4th, 2021. Investigations are ongoing to determine whether any personal health information was exfiltrated. | 194,035
Bryan County Ambulance Authority (US) | Patient data was stolen during a ransomware attack on November 24th, 2021. The company disabled all access to the network and restored all the encrypted data. | 14,000
Somerset County (US) | The county suffered a ransomware attack on May 24th, 2022, that disabled the county government’s email system. The Somerset County Prosecutor’s and Sheriff’s Offices are also impacted by the email outage. | Unknown
MGM Hotels (US) | On May 22nd, 2022, vpnMentor researchers discovered 142 million records of MGM Hotels guests being circulated on Telegram. The data comes from a breach discovered in 2019; the stolen data was initially sold on a hacker forum in July 2020. The files contain data of customers from before 2017, including full names, postal addresses, email addresses, phone numbers, and dates of birth. | >30,000,000
SpiceJet (India) | On May 25th, 2022, the airline disclosed it suffered an attempted ransomware attack that impacted and slowed down morning flight departures. SpiceJet stated their IT team had contained and rectified the situation. | Unknown
Scarborough Health Network (Canada) | Unauthorised access to its system occurred between January 25th and February 1st, 2022. Possibly compromised information includes names, dates of birth, home and email addresses, OHIP numbers, insurance policy numbers, and more. | Unknown
Washington University School of Medicine (US) | An unauthorised actor gained access to employee email accounts between March 4th and March 28th, 2022. Possibly exposed information of patients and research participants includes names, dates of birth, medical records, clinical information, and more. Social Security numbers may have been impacted in some cases. | Unknown
Linn County, Oregon (US) | On May 25th, 2022, Conti ransomware operators published nearly 1,500 documents stolen on January 24th, 2022. Officials stated that they chose not to pay a ransom as they had backups. Much of the stolen data was reportedly considered to be public record. | Unknown
Police Service of Northern Ireland | The service reportedly wrongly shared the personal information of individuals with foreign law enforcement agencies. The Information Commissioner’s Office confirmed it was investigating the breach. | 152
Multiple Individuals (UK) | A new website, called ‘Very English Coop d’Etat’, has leaked emails from several leading proponents of Brexit. This includes private emails from former head of MI6 Richard Dearlove, leading Brexit campaigner Gisela Stuart, pro-Brexit historian Robert Tombs, and more. The site is allegedly linked to the Russia-based hacking group Cold River. | 152

Threat Actor mentions in Government

Time Series

This chart shows the trending threat actors related to Government within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry | Information
Critical Infrastructure | In April 2022, Check Point researchers discovered an espionage operation, dubbed Twisted Panda, targeting defence research institutes in Russia, and possibly Belarus. It may be a continuation of a long-running espionage operation against Russian-related entities that has been ongoing since at least June 2021. The campaign involves spear phishing emails, with a lure claiming the United States is spreading a biological weapon, to distribute the previously undocumented backdoor SPINNER. The campaign has been attributed with high confidence to a Chinese threat actor and may have connections to Stone Panda and Mustang Panda.
Technology | In the last six months, Microsoft researchers observed a 254% increase in activity from the Linux trojan XorDdos, first discovered in 2014. XorDdos amasses botnets to perform distributed denial-of-service (DDoS) attacks on Linux endpoints and servers. XorDdos mainly uses SSH brute force attacks to propagate and uses root privileges to run a script that retrieves and runs XorDdos on the target. It uses XOR-based encryption for its communication.
Healthcare | A cyberattack ‘severely’ impacted Greenland’s hospital system and caused its digital network to crash. Patient medical records currently cannot be accessed. The government of Greenland stated that, at present, citizens’ data does not appear to have been damaged or copied. The government has not yet confirmed whether ransomware was involved.
Cryptocurrency | Threat actors are using deep fake videos of Elon Musk and other prominent cryptocurrency advocates to promote a BitVex cryptocurrency trading platform scam that steals deposited funds. The campaign began in May 2022 and uses newly created or hacked YouTube channels to host the deep fake videos. The videos are legitimate interviews modified with deep fake technology.
Government | Malwarebytes researchers discovered four separate spear phishing campaigns that have targeted Russian government entities with remote access trojans (RATs) since the invasion of Ukraine in late February 2022. The malware in all four campaigns is essentially the same heavily obfuscated DLL file, with some small differences in the code. The RATs have been spread via a fake interactive map of Ukraine, fake Log4Shell patches, domains and social media accounts spoofing Rostec, and fake job advertisements for Saudi Aramco.

News and information concerning each mentioned industry over the last week.
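Added example (not Silobreaker’s or Microsoft’s code): a small Python check for the propagation pattern the XorDdos entry describes, a burst of failed SSH logins from one source followed by an accepted root login from the same source. The log lines are constructed, and the sshd syslog format, the 5-failures-in-60-seconds threshold and the field names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd syslog lines (no year in the timestamp; parse() assumes one).
SAMPLE_LOG = """\
May 20 03:14:01 host sshd[4021]: Failed password for root from 203.0.113.7 port 51022 ssh2
May 20 03:14:03 host sshd[4023]: Failed password for root from 203.0.113.7 port 51024 ssh2
May 20 03:14:05 host sshd[4025]: Failed password for invalid user admin from 203.0.113.7 port 51026 ssh2
May 20 03:14:08 host sshd[4027]: Failed password for root from 203.0.113.7 port 51030 ssh2
May 20 03:14:11 host sshd[4029]: Failed password for root from 203.0.113.7 port 51033 ssh2
May 20 03:14:15 host sshd[4031]: Accepted password for root from 203.0.113.7 port 51040 ssh2
May 20 09:30:00 host sshd[5101]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def parse(line, year=2022):
    """Return (timestamp, result, user, ip), or None for non-auth lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]

def find_bruteforce(log, threshold=5, window_s=60):
    """Map source IP -> {"failures", "root_login"} for sources with at least
    `threshold` failed logins inside some `window_s`-second window."""
    fails, root_ok = defaultdict(list), set()
    for line in log.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        if result == "Failed":
            fails[ip].append(ts)
        elif user == "root":          # accepted root login from this source
            root_ok.add(ip)
    hits = {}
    for ip, times in fails.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_s:
                hits[ip] = {"failures": len(times), "root_login": ip in root_ok}
                break
    return hits
```

A source flagged with root_login set is the case worth triaging first, since the write-up says the trojan relies on root privileges to fetch and run its payload.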

