Threat Intelligence Report - August 26, 2023.
The NetFire Threat Intelligence Report contains a weekly collection of key developments to be aware of along with action tips from NetFire.
NetFire Threat Intelligence Team
Veeam Weaponized Against Critical U.S. Infrastructure
The Cuba ransomware gang, a group that cyber-intelligence reports indicate may be Russian, has been targeting critical infrastructure organizations in the U.S. and IT firms in Latin America. To steal credentials, the gang is exploiting a recently discovered vulnerability, CVE-2023-27532, which affects Veeam Backup & Replication products. BlackBerry's Threat Research team emphasizes the importance of promptly installing Veeam security updates, as the gang also employs a range of other techniques and vulnerabilities, including older ones like "Zerologon," to compromise systems and disable security measures. Of potential concern, and unlike most trends in ransomware, Cuba ransomware remains an active threat heading into its fourth year.
Majority Customer Data Loss after Danish Hosting Firms Attacked
Danish hosting firms CloudNordic and AzeroCloud have been hit by a ransomware attack that resulted in the loss of the majority of their customer data, forcing them to shut down all systems including websites, email, and customer sites. The attack was particularly devastating as it encrypted all server disks, including primary and secondary backups, during a data center migration, leaving the data seemingly irrecoverable and affecting "several hundred Danish companies."
NSF Telescopes Attacked; Motive Unclear
Cyber attackers have targeted National Science Foundation (NSF) telescopes, including the prominent NOIRLab, disrupting their operations and disconnecting telescopes in Hawaii and Chile. The attacks have halted key astronomical research, impacting various international projects, doctoral theses, and research endeavors due to missed observation windows. Cybersecurity experts remain puzzled over the motivations behind the attack.
FTX and BlockFi Impacted by Kroll Data Breach
Kroll, a third-party agent overseeing creditor claims for bankrupt companies, suffered a data breach compromising user data from cryptocurrency exchange FTX and lending platform BlockFi. While FTX and BlockFi assert that sensitive account information and passwords remain secure, both firms have alerted users about potential phishing attempts and fraudulent communications related to the breach.
GPS Locations of Major Art Collectors Leaked in Christie’s Data Breach
A data breach at the renowned auction house Christie's exposed the precise GPS coordinates of artwork owned by its clients, potentially revealing the location of pieces to within a few feet. German cybersecurity researchers discovered this significant vulnerability and indicated that approximately 10% of the uploaded images contained these accurate coordinates, posing a massive security risk to the world's wealthiest art collectors.