Weekly Cyber News Roundup

March 2nd to March 8th 2024

Content 

01. News Bites
  • BlackCat Ransomware Gang's Alleged Exit Scam: Claims FBI Seizure While Plotting $5 Million Malware Sale
  • Pro-Russian Hacker Group Targets Swedish Government Websites in Coordinated Attack
  • Change Healthcare Pays $22 Million in Bitcoin to Cybercriminals After Ransomware Attack
  • Nearly 30,000 Fidelity Life Insurance Customers' Data Breached in Infosys Cyberattack
  • South Korea Launches Deepfake Detection Tool Ahead of Elections Amidst Electoral Challenges
02. Conclusion

Quick News Bites

BlackCat Ransomware Gang's Alleged Exit Scam: Claims FBI Seizure While Plotting $5 Million Malware Sale

The BlackCat ransomware gang has recently initiated what appears to be an elaborate exit scam, deceitfully announcing the seizure of their site and infrastructure by the FBI to abscond with affiliates' earnings.

This move coincides with their attempt to sell the malware's source code for $5 million, signalling an end to their operations under the guise of law enforcement pressure. Despite their claims, investigations revealed that no actual law enforcement actions were taken against the infrastructure of BlackCat (also known as ALPHV), with authorities like the NCA and Europol denying involvement.

This scam unfolded after affiliates accused the gang of stealing a significant ransom payment, leading to the abrupt shutdown of their platforms and the dissemination of a fake FBI seizure notice. The history of the operators behind BlackCat, initially emerging as DarkSide and undergoing several reinventions in response to law enforcement pressures, illustrates a pattern of criminal evolution and resilience. However, their latest scheme to exit the cybercrime scene has exposed their willingness to betray their partners and potentially marks the end of their operations, tarnishing their reputation among affiliates and drawing the attention of global law enforcement to their activities.

Pro-Russian Hacker Group Targets Swedish Government Websites in Coordinated Attack

The pro-Russian hacker group NoName057 announced on Tuesday that it has launched cyberattacks against Sweden, specifically targeting the Swedish Privacy Protection Agency and the Riksdag's government website.

The group declared on Telegram their successful takedown of these sites as part of a wider assault on what they label a "Russophobic" nation, also claiming responsibility for disrupting the Swedish Competition Authority's website. Multiple Swedish agencies have since reported technical difficulties, with officials from the affected entities confirming the incidents and their efforts to mitigate the attacks.

Despite these challenges, some agencies have managed to restore services, attributing their resilience to pre-emptive protective measures. The Swedish police have been notified of the incidents, although the perpetrators' identities remain unconfirmed. This attack underscores the ongoing vulnerabilities of national infrastructure to cyber threats amidst geopolitical tensions.

Change Healthcare Pays $22 Million in Bitcoin to Cybercriminals After Ransomware Attack

Change Healthcare, part of the Optum subsidiary of US-based UnitedHealth Group, reportedly paid $22 million in cryptocurrency to cybercriminals following a crippling ransomware attack last month. The attack, attributed to the notorious hacker group known as BlackCat or AlphV, paralyzed the medical firm's operations, leading to significant disruptions in the delivery of prescription drugs across numerous pharmacies and hospitals in the U.S.

This transaction, confirmed by security researchers and evidenced through blockchain analysis, marks a significant payout to the attackers, underscoring the severe impact of the cyberattack on Change Healthcare's infrastructure. Despite the payment, UnitedHealth Group has primarily focused on the ongoing investigation and efforts to restore operations, avoiding direct comments on the ransom transaction. The cyberattack not only exposed vulnerabilities within the healthcare sector's cyber security defences but also highlighted the growing threat posed by ransomware gangs targeting critical infrastructure, emphasizing the need for enhanced security measures and preparedness against such digital threats.

Nearly 30,000 Fidelity Life Insurance Customers' Data Breached in Infosys Cyberattack

Nearly 30,000 customers of Fidelity Investments Life Insurance have had their personal and financial information compromised. The breach, attributed to a cyber-attack in the autumn of last year on Infosys' IT systems, resulted in the theft of sensitive data including bank account details, credit card numbers, and security codes.

Fidelity disclosed to the Maine attorney general's office that the breach likely affected about 28,268 individuals, with Infosys unable to ascertain the full extent of accessed data. The cybercriminal group LockBit claimed responsibility for the Infosys intrusion, which also impacted other financial entities like Bank of America. Despite law enforcement actions against LockBit, the breach underscores the importance of robust cyber security measures to protect sensitive consumer information.

South Korea Launches Deepfake Detection Tool Ahead of Elections Amidst Electoral Challenges

In response to the increasing threat of deepfake technology, the Korean National Police Agency (KNPA) has unveiled a groundbreaking deepfake detection tool set to enhance criminal investigations.

The advanced software, distinct from other AI detection technologies primarily trained on Western data, leverages a comprehensive dataset of 5.2 million pieces from 5400 Koreans, aiming to accurately identify manipulated video clips and image files.

Developed to counteract the latest hoax video methods, the tool promises an 80% accuracy rate in distinguishing authentic videos from AI-generated forgeries within a mere five to ten minutes. This innovation arrives just as South Korea prepares for its legislative elections on April 10, amidst a notable rise in AI-fueled misinformation campaigns.

With 129 instances of AI-generated election law violations reported recently, this detection software represents a critical step in safeguarding electoral integrity, emphasising collaboration with AI experts to ensure precise and reliable analysis. As many democracies around the world face elections this year, the implementation of such technologies could prove crucial for protecting the electoral process.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.

More detailed threat intelligence news?

If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.

We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
