Over the last few months, staff at Western Sydney University (WSU) in Australia have been investigating a series of security incidents that led to hackers publishing stolen data belonging to both students and employees. The first incident occurred in November, when an unknown hacker breached the university's network and exfiltrated a significant amount of sensitive information; WSU officials did not discover the intrusion until March. The second incident stemmed from a cyberattack on the WSU single sign-on system in January, in which the threat actor was able to compromise data belonging to 10,000 current and former students.
ResolverRAT takes aim at healthcare organizations
Researchers have been tracking a new remote access malware, known as ResolverRAT, that appears to focus specifically on the healthcare industry. It has been observed using social engineering to gain initial access to a network: phishing emails written in localized languages claim to concern legal inquiries in various countries around the world. ResolverRAT also uses advanced techniques to stay undetected, requiring custom validation before a client can reach its command-and-control servers and communicating over common ports so that its traffic blends in with normal network activity.
GRAPELOADER phishing campaign deployed by Cozy Bear APT group
Researchers have identified a new phishing email campaign that delivers the WINELOADER backdoor to a variety of European government officials and diplomats. This appears to be an updated version of the previous WINELOADER campaign, which distributed a malicious PDF disguised as an invitation to a wine tasting event. In the latest campaign, GRAPELOADER is deployed through a malicious link in an email; the link downloads a file (wine.zip), which is then unpacked and used to download the WINELOADER backdoor.
Sensata falls victim to ransomware attack
Recently, officials at Sensata Technologies revealed that their network was encrypted during a ransomware attack that has disrupted normal operations and may have led to data exfiltration. The incident was first identified on April 6th and led to an investigation to determine what information may have been exfiltrated, as well as which other parts of their systems could have been compromised. It is still unclear which ransomware group is responsible for this attack.
Cleo file transfer vulnerability claims Hertz as latest victim
The list of corporations that have fallen victim to the Cleo file transfer exploit continues to grow, as the US car rental company Hertz has confirmed that it also suffered a data breach. While the total number of affected individuals has not been released, upwards of 3,400 people in multiple states have received notifications that the incident affected their sensitive data. The vulnerability was exploited by the Clop ransomware group, which continues to add more and more companies to its leak site.