Windows TCO Leftovers
-
The Record ☛ Russian national in US custody in Phobos ransomware investigation
Phobos affiliates are often less technically adept than members of higher-profile ransomware gangs such as Clop or Black Basta, cybersecurity researchers said, and are known for using “spray and pray” methods, in which an attacker aims ransomware at multiple potential targets, hoping for an infection.
-
Scoop News Group ☛ Alleged Russian Phobos ransomware administrator extradited to U.S., in custody
The Phobos ransomware has extorted over $16 million from more than 1,000 victims worldwide, including schools, hospitals, government agencies and large corporations, DOJ said. The department chalked up the arrest to international team-ups.
-
Security Week ☛ Library of Congress Says an Adversary [Cracked] Some Emails
The Library of Congress has notified lawmakers of a “cyber breach” of its IT system by an adversary, a hack of emails between some congressional offices and library staff, according to an email obtained by The Associated Press.
-
The Record ☛ Many US water systems exposed to ‘high-risk’ vulnerabilities, watchdog finds
The Environmental Protection Agency’s Office of Inspector General conducted a review of the agency’s cybersecurity initiatives, using an algorithm to rank issues at specific water utilities across the U.S. revolving around email security, IT hygiene, vulnerabilities, adversarial threats, and malicious activity.
The watchdog assessed 1,062 drinking water systems that serve more than 193 million people. Among those, 97 systems had “either critical or high-risk cybersecurity vulnerabilities” as of October 8. Those systems serve 26.6 million people.
-
Security Week ☛ 300 Drinking Water Systems in US Exposed to Disruptive, Damaging [Cracker] Attacks
Over 300 drinking water systems that serve roughly 110 million people in the US are affected by vulnerabilities that could lead to service disruptions, a new report from the Environmental Protection Agency (EPA)’s Office of Inspector General (OIG) shows.
-
Security Week ☛ Ransomware Attack on Oklahoma Medical Center Impacts 133,000
Great Plains Regional Medical Center in Oklahoma is notifying over 133,000 individuals that their personal information was compromised in a ransomware attack.
The public, not-for-profit healthcare system discovered the attack on September 8, 2024, when ransomware was deployed, but the attackers had access to its systems for at least three days prior.
-
The Record ☛ Ransomware gang Akira leaks unprecedented number of victims’ data in one day
Akira, a ransomware-as-a-service gang with a growing profile in the cybercrime underworld, has published a record number of new victims to its darknet leak site in a single day, with 35 published on Monday as of writing, and more apparently still being added.
-
The Recorded Future Inc ☛ Russia’s Escalating Sabotage Operations Threaten Europe’s Critical Infrastructure
Russia is likely ramping up its sabotage operations across Europe, targeting critical infrastructure to destabilize NATO allies and disrupt their support for Ukraine. Recent incidents, including break-ins at water treatment facilities in Finland and explosions at arms factories in Poland, highlight Russia’s use of “gray zone” tactics to undermine Western military, economic, and political capabilities without crossing the threshold of open conflict. Insikt Group’s analysis identifies a pattern of Russian hybrid warfare involving covert operatives, agent networks, and plausible deniability tactics that echo Soviet-era sabotage strategies. With these tactics, Russia aims to degrade NATO’s capacity to support Ukraine, increase internal tensions, and strain emergency resources.
-
Cyble Inc ☛ APT Group DONOT Targets Pakistan's Maritime And Defense
A new hacker collective, known as the APT group DONOT, has targeted critical sectors of Pakistan’s economy, specifically the maritime and defense manufacturing industries. By leveraging advanced malware and targeted social engineering strategies, the DONOT hacker group has successfully compromised sensitive infrastructure.
As per reports by Cyble Research and Intelligence Labs (CRIL), the APT group DONOT, also known as APT-C-35, has been active since 2016 and is primarily recognized for its persistent cyber espionage activities. Historically, this hacker group has focused on government agencies, military entities, and diplomatic missions, with particular emphasis on countries in South Asia.