A combined warning from several U.S. agencies warns about the Maui ransomware group targeting primarily healthcare institutions. In other cybersecurity news, the official social media accounts for the British Army were compromised, with attackers hijacking the feeds to direct people to crypto scams.
Marriott International suffers third data breach in 4 years
The BWI Airport Marriott hotel in Maryland confirmed that their computer systems were illicitly accessed and sensitive information for clients and employees may have been compromised. It’s believed that the attackers were only able to access the internal device for six hours before detection but were able to successfully exfiltrate 20GB of data during the incident. This is the third data breach that Marriott has fallen victim to since 2018, with their reservation systems previously hacked, leaving data for millions of former customers exposed.
Hacker posts trove of stolen Shanghai National Police data
Late last week, a post claiming to have sensitive data on 1 billion Chinese citizens for sale was found on a dark web marketplace. The hacker behind the listing states that they were able to exfiltrate 23TB of data from a misconfigured Shanghai National Police database and would accept $200,000 in Bitcoin for the information. While this posting has the potential to be the largest breach in known history, there has been no actual confirmation from any Chinese government agencies that the stolen data is legitimate.
AstraLocker operators confirm shutdown and distribute decryptors
Researchers have recently been contacted by the operators of the AstraLocker ransomware with news that they would be stopping any further activities and providing decryption keys to past victims. It is still unclear if the operators will be ceasing all further criminal action due to pressure from law enforcement or if they are simply switching over to a different strategy for making money.
Maui ransomware targeting healthcare organizations
Several US government agencies have issued a combined warning about a campaign by the Maui ransomware group focusing primarily on healthcare institutions. Maui ransomware is run by North Korean state-backed actors and has spent the last year encrypting systems at healthcare organizations around the United States, which are known for being lucrative targets because their security measures are weak relative to the high value of medical records.
Hackers compromise British Army social media accounts
Over the weekend, the official Twitter and YouTube accounts for the British Army were hacked and used to redirect viewers to a series of cryptocurrency scams. After a strenuous 4-hour affair, officials were able to regain control of the compromised pages, remove all unwanted content and clean up any remaining defacement before re-allowing public access. These types of fraud have increased by 87% since last year and remain popular as they tend to have high payouts.