In April of this year, a cyberattack on a large telecommunications company has been claimed by a ransomware gang that is gaining momentum as a cybercriminal operation. On 1 June, the RansomHub operation posted Frontier Communications to its leak site claiming to have sensitive information of more than 2 million people. The group claimed it spent more than two months attempting to extort the company but never got a response. Frontier did not respond to requests for comment but reported a cyber incident to the US Securities and Exchange Commission (SEC) in April. At the time, the Dallas-based company said it detected unauthorized access to its IT systems on 14 April and began instituting “containment measures” that included “shutting down certain of the Company’s systems.” The shutdowns caused operational disruption that the company said, “could be considered material.”
“Based on the Company’s investigation, it has determined that the third party was likely a cybercrime group, which gained access to, among other information, personally identifiable information,” the company said in the SEC filing. The ransomware gang claimed it had access to names, addresses, Social Security numbers, credit scores and more.
Since emerging earlier this year, RansomHub has quickly taken credit for several high-profile incidents. Hackers involved in the ransomware attack on Change Healthcare, which may involve the healthcare data of one-third of all Americans, are using the RansomHub platform to sell the stolen information. Members of the group have also claimed attacks on Christie’s, the world’s largest auction house by revenue, and other organizations.
Experts from NCC Group said RansomHub was the third most prolific ransomware gang that operated in March, with at least 27 attacks. The group’s emergence has reinforced a longstanding assertion by security researchers that ransomware gangs are nebulous operations, with affiliates moving between different operations and selling stolen data or access to different groups.
In a ransomware report from security firm Mandiant, researchers said Ransomhub is attempting to “recruit affiliates that have been impacted by recent shutdowns or exit scams,” most notably the law enforcement takedowns of LockBit and AlphV.
Source: RansomHub Actors Exploit ZeroLogon Vuln in Recent Ransomware Attacks (darkreading.com)
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. Our services can help detect cyber threats and vulnerabilities. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424
Comments