At the beginning of the week, officials for the City of Cleveland, Ohio identified a cyberattack that was targeting their IT systems and prompted staff to limit access to public-facing services. As the investigation is ongoing, with the help of third-party security, the extent of this incident remains unclear, as well as the identity of the threat actors who perpetrated it. Public services through the City of Cleveland website are still unavailable, and staff are encouraging citizens to be patient during this recovery process.
New York Times source code leaked on 4Chan
Over the weekend, an unknown threat actor posted a 270GB data trove to 4Chan, claiming it was stolen source code for the New York Times. It is believed that the stolen data came from a New York Times GitHub account and contains over 5,000 source code repositories, though this leaked data has yet to be verified. Officials for the New York Times claim that they have not identified any intrusion into their internal network, though an un-hashed password to a third-party code storage platform leaked back in January and may be the source of this incident.
Chinese state hackers exploit FortiGate vulnerability
Following a 2023 security breach of the Dutch Ministry of Defense, the investigation revealed a staggering malware campaign by Chinese state-sponsored hackers that was actively exploiting a known vulnerability in Fortinet’s FortiGate hardware, enabling remote code execution and persistent access on 20,000 devices worldwide. The remote access trojan used to create a permanent backdoor, dubbed Coathanger, is extremely difficult to detect and can survive on a system through multiple reboots and firmware updates.
Scattered Spider group joins RansomHub affiliates
Researchers have been tracking the Scattered Spider extortion group since they were affiliates of ALPHV/BlackCat, but following that operation’s dismantling by law enforcement earlier this year, the threat actors behind Scattered Spider seem to have jumped over to RansomHub. Scattered Spider has been identified using the same tactics, tools, and infrastructure, leading researchers to believe that they have truly joined RansomHub’s affiliate program to take advantage of its RaaS offering and capabilities.
Cyberattack takes Niconico offline
Over the weekend, staff for the Japanese video-sharing platform Niconico were forced to take their systems offline after discovering a cyberattack that was limiting access to multiple servers. While it has yet to be determined whether the threat actors behind the attack were able to exfiltrate any information, the company is postponing all services through June 16th in order to complete its investigation.