An Israeli-affiliated hacking collective, known as "Predatory Sparrow," has reportedly claimed responsibility for significant service disruptions at approximately 70% of petrol stations across Iran. This information was initially brought to light by Javad Owji, Iran's Oil Minister, during a statement on state television where he mentioned external intervention as a probable factor.
The claim by Predatory Sparrow was later corroborated by reports from both Iranian and Israeli media outlets. In a statement, purportedly from the group and cited by Iranian media, Predatory Sparrow indicated that the cyberattack was executed with precise control to circumvent any harm to emergency services. This recent incident aligns with the group's history of cyber warfare, notably their previous admission of orchestrating a cyberattack on Iran's major steel corporations, an operation subtly insinuated to be backed by Israel. Meanwhile, Iran's civil defence agency, tasked with the nation's cybersecurity, is conducting thorough investigations and remains open to all potential causes behind these widespread disruptions.
Comcast Cable Communications, trading as Xfinity, revealed on Monday that a breach of its Citrix server in October led to the theft of sensitive customer data. The breach was discovered on October 25, following the release of security patches for a critical vulnerability named Citrix Bleed (CVE-2023-4966) by Citrix two weeks prior. Malicious network activity was detected between October 16 and 19. An investigation found that the breach affected approximately 35.88 million people, with data exfiltration confirmed on November 16.
The compromised data includes usernames and hashed passwords, and potentially other personal information such as names, contact details, partial social security numbers, birth dates, and secret questions and answers. Xfinity disclosed these findings on December 6, 2023, noting that data analysis is ongoing.
Customers reported receiving password reset requests last week without explanation. Xfinity, while assuring customers that no data leaks or customer attacks were known, emphasized the importance of resetting passwords and encouraged enabling two-factor or multi-factor authentication. Despite the breach, Xfinity's operations remained unaffected, and there was no ransom demand. The company's cybersecurity team is actively monitoring the situation to ensure customer protection.
Insomniac, the Sony-owned studio behind the PlayStation 5 hit Spider-Man 2, has suffered a significant ransomware attack. Last week, hackers demanded a $2 million ransom to prevent the release of confidential information. Since the demand, details about upcoming games, including work-in-progress footage of its highly anticipated Wolverine game, have been leaked online.
The leak reportedly includes sensitive employee data and internal emails. The gaming community, including developers, journalists, and fans, has strongly condemned the attack, advocating against sharing the leaked content. The leak also exposed employees' personal information.
The ransomware group Rhysida claimed responsibility for this attack and a recent one on the British Library. This method involves using malware to lock a company's network files, demanding a ransom for their release. This incident follows a trend of high-profile game studio leaks, including last year's leak of Rockstar Games' Grand Theft Auto 6 details.
Three major companies, MongoDB Inc., VF Corp. (owner of North Face and Vans), and mortgage broker Mr. Cooper Group Inc., reported significant cyberattacks this week.
MongoDB's breach involved unauthorised access to its corporate systems, exposing customer account metadata and contact information. Customers were notified via email on December 13th, and the company is still investigating the extent of the breach.
VF Corp.'s hack, disclosed in a U.S. Securities and Exchange Commission filing, included the encryption of some systems and the theft of personal data. Also identified on December 13th, this incident, possibly the first reported under new SEC rules requiring disclosure within four days, is expected to impact the company's operations during the holiday season.
The most extensive breach affected Mr. Cooper, impacting 14.7 million current and former customers. This "cyber breach" compromised sensitive personal information, including names, addresses, Social Security numbers, birth dates, and bank account details. The company has taken measures to contain the incident and is monitoring the dark web for any misuse of the stolen data.
These incidents highlight the growing threat of cyberattacks in various sectors, particularly financial institutions.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
If you are worried about any of the threats outlined in this roundup or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or fill in the form for a complimentary no-commitment consultation.
If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.
We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
Integrity360's flagship conference Security First comes to Stockholm in 2023!
Join leading cybersecurity experts from across the community as we explore the latest threats and industry trends, and learn practical strategies to safeguard your organisation.