Over the weekend, threat actors behind the Cactus ransomware group added Schneider Electric Co. to their leak site, claiming to have exfiltrated 1.5 TB of data. The breach initially occurred on January 17th, when the group gained access using compromised account credentials, which allowed them to obtain sensitive customer information, including automation data and other industrial controls. Having published a 25 MB sample of the stolen data, the group is now expecting a ransom payment before releasing the remainder.
Global operation takes down LockBit ransomware group
At the beginning of the week, officials for the FBI and Europol released a report that confirms a global takedown of the LockBit ransomware group. The report claims that international law enforcement seized the group’s leak site and affiliate consoles, 34 servers under the group’s control, and hundreds of cryptocurrency accounts that had been used for taking ransom payments. The takedown, named Operation Chronos, infiltrated LockBit by exploiting a software vulnerability and successfully apprehended several of the individuals involved. See our writeup of the takedown here.
German battery manufacturer suffers cyberattack
Early last week, the German battery manufacturer Varta revealed that several of their IT systems had been targeted by a cyberattack, which forced 5 of their production facilities offline for multiple days. It is believed that a ransomware group is behind the incident, though that has yet to be confirmed. The investigation into the attack is still ongoing, and the company has not yet revealed whether any employee or customer data was stolen, or the overall extent of the breach.
Australian telecom companies revealed for allowing bulk scam messages
The Australian Communications and Media Authority (ACMA) has recently called out 5 telecoms that were allowing bulk scam messages to make it through their scanning and on to customers. Between the five companies, over 49 million spam SMS messages were allowed through from 2022 to 2023, mostly impersonating common brands and government-based services. While these millions of SMS scams were getting through, Australian citizens lost more than AU$25 million to these types of scams.
Ransomware impacts German software developer
Late last week, officials for the German infrastructure software developer, PSI Software SE, confirmed that their IT systems had been taken offline due to a ransomware attack. While the investigation continues, it is still unclear which ransomware group was responsible for the attack, or whether any critical information has been compromised. This attack could have a significant impact on global infrastructure across several industries, as PSI Software SE creates software used in airports, transportation services, and energy production.