We are only 10 days into 2023 and already a ransomware attacks continue to escalate. San Francisco’s Bay Area Rapid Transit (BART) is investigating an alleged ransomware attack after the Vice Society ransomware gang claimed to have attacked the agency. BART which is the fifth-busiest heavy rail rapid transit system in the US, was listed on the group’s leak site on Friday. The chief communications officer for BART, reported that they are investigating the data that was stolen and posted by the
vice society (5)
Vice Society is an intrusion, exfiltration, and extortion hacking group that first appeared in summer 2021 that has alleged ties to Russia who attacks “With Love.” Vice have crossed the line of what many hackers said was off limits – education and health care systems and facilities. This past September, a ransomware attack on the Los Angeles Unified School District crippled its digital operations across their system, which includes more than 1,000 schools and serves roughly 600,000 students.
Activity Summary - Week Ending on 7 October 2022:
- Red Sky Alliance identified 24,201 connections from new IP’s checking in with our Sinkholes
- Pptechnology Limited in Romania hit 485x
- Analysts identified 1,163 new IP addresses participating in various Botnets
- Royal Ransomware
- Phishing Microsoft
- US National Elections
- Vice Society
- New Zealand Attack
- Ferrari Issues
Link to full report: IR-22-281-001_weekly281.pdf
This joint CISA - Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about
Activity Summary - Week Ending on 29 April 2022:
- Red Sky Alliance identified 10, 907 connections from new IP’s checking in with our Sinkholes
- msk.ru has issues
- Analysts identified 3,698 new IP addresses participating in various Botnets
- Vice & Industrial Spy
- US Agriculture under Attack
- T-Mobile Hit (again)
- Oil India LTD
- Getting Annoyed?
- Lapsus$
Link to full report: IR-22-119-001_weekly119.pdf