Researchers who actively monitor blockchain transactions have recently discovered a $75 million payment to a wallet belonging to the Dark Angels ransomware group, supposedly a ransom payment from a Fortune 50 corporation. Dark Angels has been active since 2022, commonly targets large-scale corporations and organizations, and claims data exfiltration amounts from 1TB to more than 100TB. Those stolen data amounts are the basis for extreme ransom demands, with a $51 million ransom payment for 27TB confirmed in 2023.
Cyberattack targets world’s largest silver producer
Earlier this week, officials for the world’s largest silver producer, Fresnillo PLC, confirmed that unknown threat actors had gained unauthorized access to several of their internal systems. While the investigation into the security incident is still ongoing, the company has revealed that the attack did not interrupt any mining operations, and the intruder did not access any financial data.
Mandrake Android malware eludes detection for years
Researchers have recently identified numerous apps on the Google Play app store that are Mandrake malware disguised as innocuous apps, such as astronomy and file-sharing apps. Mandrake has been an active Android malware family since 2016, successfully launching two multi-year campaigns while remaining highly elusive through a variety of tactics, such as avoiding execution in over 90 different countries and containing a complete kill switch to remove all evidence of infection.
HealthEquity suffers massive data breach
Following an SEC filing at the end of June, officials for the US health firm HealthEquity have confirmed that they had suffered a security intrusion back in March, which resulted in a data breach. After the investigation, it has been revealed that sensitive personal information and health records for over 4.3 million customers had been compromised. HealthEquity staff have since identified that a vendor’s user account had been exploited to access an online database containing customer information.
Ransomware causes IT outages in Columbus, Ohio
Over the last couple of weeks, officials for the City of Columbus, Ohio have been recovering from a ransomware attack that forced several public services offline. The initial attack occurred on July 18th and was quickly identified and contained, with any encryption capabilities also disrupted. The investigation is still ongoing to determine if any sensitive information was compromised or exfiltrated during the attack, and to identify which threat group is behind this incident.