Late last week, the threat actors behind the DragonForce ransomware group published a data trove containing 6TB of information exfiltrated from an undisclosed Saudi Arabian construction and real estate firm. DragonForce announced the incident on February 14th and gave the victim firm 2 weeks to pay the demanded ransom; it appears this did not happen, as the data was later posted to the group’s leak site. While DragonForce is relatively new to the threat landscape, the group deploys highly sophisticated tactics and typically uses double extortion to put additional pressure on its victims.
Cyberattack forces Polish Space Agency offline
Over the weekend, staff at the Polish Space Agency (POLSA) were forced to take many of their systems offline after identifying that a cyberattack was affecting their internal network. As the investigation is still ongoing, it remains unclear what type of attack occurred, whether any information was exfiltrated, and which threat group may be responsible for the incident. Presently, POLSA staff are still reduced to communicating over the phone, as the incident impacted their email systems.
Eleven11bot botnet is largest in recent history
Researchers have been tracking the spread of a newer botnet, known as Eleven11bot, that has infected over 86,000 devices and has used their combined capabilities to launch devastating DDoS attacks against major communications firms. Eleven11bot has infected thousands of devices, mostly located in the US and UK, but has a presence in dozens of countries around the globe, with nearly 1,400 compromised IP addresses.
Google removes two dozen malicious BadBox apps from Play Store
In the latest hit against the BadBox Android malware, Google has identified and removed 24 malicious apps from the Google Play Store, while also adding an enforcement rule to Play Protect to warn users who may be attempting to install a BadBox app. Following the German operation to take down BadBox in December of last year, the botnet has since regrown to over 1 million infected devices globally, most of which are lower-end smartphones and Android-connected TVs.
Qilin ransomware leaks 350GB of data from Lee Enterprises attack
In the weeks following the cyberattack on the newspaper giant Lee Enterprises, the threat actors behind the Qilin ransomware group have claimed responsibility and have published a 350GB data trove to their leak site. Amongst the stolen data are financial records, information on payments made to various journalists, and other highly sensitive corporate documents that may contain intellectual property or other unreleased data. Qilin gave Lee Enterprises until March 5th to pay the demanded ransom before releasing the stolen data to the public, and it appears that negotiations have been unsuccessful.