Several local and online services were shut down following an attack on the Greek postal service ELTA. Officials continue to check machines for malicious payloads and have no idea when service will return. In other cybersecurity news, the Lapsus$ hacking group stole 37GB in source code from Microsoft.
Lapsus$ hacking group steals Microsoft data
A Microsoft employee’s credentials were compromised following a multi-organization hacking campaign. The Lapsus$ group stole nearly 37GB in source code from several Microsoft products. While the hacking group was able to publish their ill-gotten goods on their leak site, officials for Microsoft are still investigating how that specific account was exploited and the overall extent of the intrusion into their systems.
Texas Dental care provider suffers data breach
JDC Healthcare Management LLC, (JDC) finally admitted to a data breach that impacted their network in August of last year and may affect upwards of a million Texas patients. It’s believed that an unknown malicious actor was able to access several systems during the incident and could have gained access to information like Social Security numbers and private medical records. The healthcare organization has also announced that they will be working towards improving the security measures they have in place and establishing a faster response to similar incidents.
Ransomware shuts down Greek postal services
ELTA, the public postal service in Greece, announced that many of their local and online services were currently unavailable after suffering a ransomware attack. Though there has not been any confirmation of a demanded ransom, the malicious actors were able to begin dropping malicious payloads after exploiting an unpatched vulnerability in the outdated postal service devices. Staff has had to disconnect and check over 2,500 machines for malware. All postal services are currently offline with no estimations for returning to normal operation.
Chinese hotels under attack by DarkHotel APT
Researchers have been monitoring a series of cyberattacks on luxury hotels around China seeming to originate from the DarkHotel advanced persistent threat (APT) group. DarkHotel has been active for nearly 15 years and is known for sensitive data to later be used as leverage by using spear phishing tactics against several key. The luxury hotels in the Macao region of China draw in executives from many industry-leading companies, making them lucrative targets for data theft from a variety of malicious organizations.
Thousands of medical photos exposed
Researchers have spent months trying to contact the owners of an unsecured Amazon S3 bucket containing 30GB of files and medical photos. The server belongs to the Japanese company Doctor Me, which allows patients to anonymously upload pictures to their doctor for virtual diagnosis. The company has yet to acknowledge the unsecured server nor attempt to add authentication. Researchers have even contacted the Japanese CERT, but have seen no change since January.
