For the latest discoveries in cyber research for the week of 29th January, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
- Following the reports on the Russia-affiliated APT29 (AKA Cozy Bear, Midnight Blizzard) attack against Microsoft, Hewlett Packard Enterprise also acknowledged it was attacked by the same threat actor. Microsoft detected its breach on January 12, with the password-spray attack having begun in November 2023; HPE’s investigation points to evidence that APT29 was able to maintain persistence on the company’s systems since May 2023. Security experts estimate that more companies are expected to confirm their email systems have also been compromised by the group in this cyber-espionage campaign.
- The ransomware gang LockBit claimed responsibility for a recent attack on EquiLend, a Wall Street stock-lending firm. The attack took the EquiLend platform and other automation solutions offline, and a representative said it could take days to recover. The attack on the company, owned by BlackRock, JP Morgan and other major firms, is said to have had a ‘limited’ effect on financial market players, who were forced to switch to manual processes when the platform went down.
Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Wins.LockBit.ta*; Ransomware.Win.Lockbit; Gen.Win.Crypter.Lockbit.AI, Ransomware_Linux_Lockbit)
- The largest Ukrainian online bank, Monobank, was hit by a three-day-long DDoS attack. Some of the mobile-only bank’s operations were disrupted by the attack. While the attacker has not been officially identified, the attack is presumed to have been carried out by Russian hacktivists.
- Multiple Ukrainian state-owned entities, including Naftogaz, the Postal Service, Railway Services, and the transportation agency DSBT, experienced cyberattacks leading to service disruptions. The attacks targeted data infrastructure, causing operational issues such as postal delays, offline websites, and disruptions in border-crossing systems for cargo delivery. The Russian hacktivist group National Cyber Army claimed responsibility for the DSBT attack but did not mention the other affected entities.
- Genetic testing provider 23andMe confirmed a credential stuffing attack that went unnoticed for five months. The attack, which started in April and went undetected until September, compromised health reports and raw genotype data of 1 million Ashkenazi Jews and 4 million UK residents; the data is currently being leaked on cyber-crime forums.
- The pro-Ukraine hacktivist group ‘BO Team’ claimed responsibility for an attack on a Russian research center known as ‘Planeta’. According to Ukraine’s defense intelligence directorate (GUR), the breach led to the destruction of the state-owned Planeta’s database and valuable equipment, compromising data from Earth-observing satellites.
VULNERABILITIES AND PATCHES
THREAT INTELLIGENCE REPORTS