Microsoft Seizes Domains Used by China-Linked APT ‘Nickel’
The tech giant took over the websites after filing pleadings with the U.S. District Court for the Eastern District of Virginia, which quickly granted an order in this regard. While the move will prevent the group’s access to some of its victims, it is unlikely to put an end to Nickel’s activities. However, Microsoft does…
Cyberattack Causes Significant Disruption at Colorado Electric Utility
The Delta-Montrose Electric Association (DMEA) is a member-owned and locally controlled rural electric cooperative that serves more than 34,000 customers in Colorado’s Montrose, Delta, and Gunnison counties. It is part of Touchstone Energy Cooperatives, a cooperative federation that has over 750 members across the United States. DMEA last week revealed that it had discovered a…
17 Malware Frameworks Target Air-Gapped Systems for Espionage
The list was created over the course of 15 years, but the last four of the frameworks emerged last year, proof of an increased interest by threat actors to target isolated systems. Only malware components working together to create an offline, covert communication channel between air-gapped networks and a threat actor were taken into consideration…
Wind Turbine Giant Vestas Confirms Ransomware Involved in Cyberattack
Vestas became aware of the breach on November 19 and it immediately started shutting down IT systems. Little information was provided when the attack was disclosed, but the company’s description of the incident suggested that it was a ransomware attack. In an update shared on Monday, Vestas confirmed that ransomware was indeed used and that…
Hardware Security Firm Axiado Banks $25M Investment
The company is building a Trusted Control/Compute Unit (TCU) product that is being positioned as a new class of security processors that provide platform root-of-trust for large enterprise customers. Axiado, which employs approximately 40 in Silicon Valley, said the $25 million Series B investment brings the total raised to $40 million. The round was led…
‘Sabbath’ Ransomware Operators Target Critical Infrastructure
According to a warning from Mandiant, the group previously operated under the names of Arcane and Eruption and was observed last year deploying the ROLLCOAST ransomware. In October 2021, the group created the public naming-and-shaming site 54BB47h (Sabbath), one month after a post was discovered where the malware group announced it was looking for partners…
Ransomware Operators Threaten to Leak 1.5TB of Supernus Pharmaceuticals Data
The attack, the Rockville, Maryland-based company says, likely happened in mid-November, when a ransomware group accessed data on certain systems, deployed malware to prevent access to files, and then threatened to leak the exfiltrated files. Despite that, Supernus Pharmaceuticals says it did not experience a significant impact on its business, as its operations were not…
Emotet Using TrickBot to Get Back in the Game
Emotet, which emerged in 2014, became one of the most prevalent threats of the decade, evolving into a malware downloader that allowed cybercriminals to disseminate malware such as TrickBot, the Ryuk ransomware, and the QakBot banking Trojan, as well as various other threats. In January 2021, law enforcement agencies announced they were able to take…
FBI: Ransomware Attacks Exploit Financial Business Events
Ransomware actors are known for performing extensive research prior to launching an attack on victims, using publicly available information, along with material non-public data. Should the victim refrain from paying the ransom, the attackers threaten to disclose the gathered information publicly, thus attempting to extort the victim, the FBI warned. “Ransomware actors are targeting companies…
SolarWinds Outlines ‘Triple Build’ Software Development Model to Secure Supply Chain
In the SolarWinds incident, up to 18,000 companies could have received the malware injected into the SolarWinds software. Not all could have been affected. Many of these ‘victims’ did not install the infected version, and many others did so on servers with no internet connectivity. Of those companies that did receive the Nobelium Sunburst malware,…
