Cyber News Rundown: BlackSuit ransomware targets Wisconsin healthcare provider

  • Threat Research Analyst
  • 4 replies

In the month following a cybersecurity incident at the healthcare provider Group Health Cooperative of South Central Wisconsin (GHC-SCW), the threat actors behind the BlackSuit ransomware group claimed to have exfiltrated sensitive patient data for over 533,000 individuals. Researchers believe that BlackSuit ransomware is the successor of the highly prolific Royal ransomware group, which was rumored to be working on a rebranding. BlackSuit also added GHC-SCW to their leak site at the beginning of March, though the initial incident was discovered at the end of January.

Latrodectus loader malware linked to multiple malicious campaigns

Researchers have been tracking a new malicious loader, Latrodectus, which was thought to be a new variant of the IcedID malware but has been identified as a distinct payload downloader that was likely made by the same developers. Further analysis shows that Latrodectus is being used by initial access brokers (IABs) to receive malicious payloads on infected systems and execute a variety of remote commands.

Cyberattack on Greylock McKinnon Associates exposes data of 341k individuals

Almost 9 months after first discovering a network intrusion, officials for Greylock McKinnon Associates finished their investigation and began contacting the 341,000 individuals affected by a data breach. The initial intrusion was identified at the end of May 2023, with the investigation ending in early February 2024 and including many corporations, government agencies, and a significant amount of data from the Department of Justice. The threat actors behind this attack have still not been identified, though they will likely reveal themselves by posting the stolen data to a dark web leak site.

Hackers breach internal systems at Targus

Over the weekend, officials for the mobile accessories manufacturer Targus revealed that they had fallen victim to a cyberattack that may have resulted in a data breach. They first identified some unauthorized activity on their network on April 5th and quickly put their incident response protocols into action to avoid additional network compromise. It is still unclear whether data was exfiltrated during the breach or which threat group was behind the attack.

Change Healthcare faces secondary extortion attempt

In the weeks since Change Healthcare faced a data breach by the ALPHV/BlackCat ransomware group, which led to a ransom payment to protect sensitive patient data, the healthcare provider has received a new extortion attempt. The RansomHub threat group is behind this latest ransom demand and appears to be the successor of the ALPHV/BlackCat group following the global law enforcement takedown that they experienced shortly after their attack on Change Healthcare. It is likely that this secondary extortion attempt is using the stolen data from the previous attempt, as RansomHub is composed of former ALPHV/BlackCat affiliates and is hoping the healthcare provider will keep paying out.

2 replies

TripleHelix
Moderator
  • April 19, 2024

Thanks as always @ConnorM  😎


Jasper_The_Rasper
Moderator

Thank you @ConnorM 

