Nearly a year after the Play ransomware group infiltrated the servers of Xplain, a government contracting service provider, officials for the Swiss government have confirmed that roughly 65,000 sensitive documents were compromised. The initial breach occurred on May 23rd of last year, and the government files were part of the 1.3 million files that were released on the Play ransomware leak site after ransom negotiations failed. The investigation into this incident didn’t begin until mid-August and is still ongoing, though it is believed it will wrap up by the end of March.
LockBit affiliate charged in Canada
Following the arrest of a suspected LockBit ransomware affiliate in October of 2022, the Canadian courts have finalized the sentencing, but he may now be facing extradition to the US for additional charges. Along with a sentence of up to 5 years in prison, the affiliate is also being ordered to pay $860k as restitution for all Canadian victims. With this latest arrest, it is believed that 6 individuals with direct ties to the LockBit ransomware group have been detained and charged with various cybercrimes.
French government agencies facing extended cyberattack
French government officials have announced that multiple state agencies have been under a constant stream of attacks since the beginning of the week, though they haven't confirmed anything more specific than that the attacks appear to be fairly simple and are possibly just a DDoS attack. Shortly after the attacks began, a pro-Russia threat group operating as NoName revealed in their Telegram channel that they had carried out successful cyberattacks against a French energy firm and other agencies.
Vulnerability in building access systems left unpatched for years
Nearly 5 years after a series of building access vulnerabilities was identified and reported by a security researcher, one firm has finally taken the steps to properly patch their systems. Of the vulnerabilities reported to 4 access system vendors, those in Nortek’s Linear products have been actively exploited and, with 2,500 internet-connected instances, are the greatest vulnerability to remain unpatched since being identified and reported to the company in 2019. It is believed that the company only began working on patches after the US cybersecurity agency CISA published their second advisory notice to warn affected Nortek customers in 2023.
Stanford University confirms 27,000 students affected by data breach
Officials for Stanford University have revealed that sensitive data of 27,000 students has been compromised following the ransomware attack on their internal systems back in September. The incident investigation also revealed that the breached system, the Stanford University Department of Public Safety (SUDPS), was illicitly accessed for over 4 months, from May through September of last year. The attack has since been claimed by the Akira ransomware group, who published a 430GB data trove to their leak site in October.