Early this week, all operations at Japan’s largest port, the Port of Nagoya were brought to a halt after a ransomware attack was discovered on their internal network. The attack caused disruptions to the port’s terminal processing system for shipping containers and forced officials to cancel all transportation in and out of the port, until they were able to restore normal system functionality. The Port of Nagoya is responsible for handling over 2 million shipping containers each year, which equates to 10% of Japan’s annual trade volume.
Android banking trojan targets financial institutions across the globe
Researchers have identified an Android malware campaign that has been targeting banking organizations across numerous countries for 2 years and compromised sensitive banking information for thousands of individuals. It is believed that one Mexico-based hacker, known as Neo_Net, is behind this campaign, which uses SMS phishing messages to lure in victims and disguises itself as a variety of banking security apps to steal login credentials. The stolen data was subsequently offered for sale on dark web forums, rather than being ransomed back to a particular banking institution or individual.
Australian government data compromised in law firm attack
Following a ransomware attack on the Australian law firm, HWL Ebsworth back in April, officials for the Office of the Australian Information Commissioner (OAIC) were contacted regarding some of their documents being exposed. The attack was claimed by the Alphv/BlackCat ransomware group, who later published half of the stolen data to their leak site, indicating that HWL Ebsworth declined to pay the demanded ransom.
SmugX campaign focuses on European government agencies
Researchers have been tracking a phishing campaign since December of 2022, that focuses solely on government agencies and foreign ministries in numerous European countries. The campaign itself has been dubbed ‘SmugX,’ and appears to be orchestrated by a Chinese threat actor and shares several attack patterns with other APT (Advanced Persistent Threat) groups. SmugX attacks begin with HTML smuggling, which hides the malicious payload inside an innocuous HTML document that the victim is prompted to download.
LockBit leaks data on Taiwanese chipmaker
The threat actors behind the LockBit ransomware group have recently published data to their leak site that belongs to the Taiwanese chipmaker TSMC, though it may have been compromised from a third-party vendor. The data was published late last week and came with a ransom price tag of $70 million; making it the 4th largest ransom ever demanded. Officials for TSMC have confirmed that their internal systems have not been compromised, and their data contact with the vendor has been terminated.
