Almost a year to the day after hackers breached the internal network environment of Australia’s Western Sydney University, staff have begun notifying all affected students and employees. The investigation revealed that hackers had successfully invaded the network in May of 2023, though university officials did not discover the intrusion until January of 2024, and have since confirmed that at least 7,500 individuals have had their data compromised. It is still unclear if the number of affected individuals will increase, or the identity of the threat actors behind the incident.
Atlas Oil breached by BlackBasta ransomware group
Recently, the threat actors behind the BlackBasta ransomware group have claimed responsibility for the cyberattack on one of the largest oil distributors in the US, Atlas Oil. They have since added Atlas Oil to their leak site and are stating that they have obtained 730GB of company data, including employee records, payroll documents, and other personally identifiable information (PII) for users and employees. Officials for Atlas Oil have yet to disclose any data breach of their systems, though it is only a matter of time.
Nissan breach exposes sensitive data of 53,000 employees
Late last year, officials for Nissan North America (NNA) had fallen victim to a ransomware attack and resulted in the attackers exfiltrating extremely sensitive information. The findings of the investigation in February revealed that over 53,000 current and former employees of NNA had their personally identifiable information (PII) compromised, including Social Security Numbers and other employment records. The group behind this incident is still unclear, as well as if NNA had any communications with the threat actors or had paid any form of ransom to stop the distribution of any stolen data.
Researchers discover new Grandoreiro banking trojan campaign
Following the law enforcement takedown of the Grandoreiro banking trojan organization in January, researchers have discovered a new Grandoreiro campaign that has been active since March and is targeting financial institutions in more than 60 different countries. This latest campaign includes several improvements that allow for avoidance of VMs or other testing sandboxes, region identification to stop execution in several countries including Russia, Poland, and certain operating systems in the US.
Data breach confirmed after OmniVision ransomware attack
Last week, officials for California-based imaging sensors manufacturer, OmniVision, began notifying the authorities that they had suffered a data breach following a ransomware attack by the Cactus ransomware group in September of last year. The threat actors behind the Cactus ransomware group posted OmniVision data to their leak site in Mid-October, though the company has since been removed. It is unclear if the data was sold or if OmniVision paid a ransom to have the data returned or deleted.
