The LockBit ransomware group has attacked Nine Dragon (ND) Paper, a leading manufacturer of high-quality and sustainable pulp, packaging, and paper products. The company specializes in pulp, HBK, SWK, CGW, NHBK, NBSK, OGW, CS1, CPS, and market pulp. ND Paper currently has over 5,000 employees and a revenue of $9 billion.
South Asia Becomes Target of Chinese-Linked LightSpy iOS
According to cybersecurity analysts, iOS users in Asia are at higher risk from a renewed cyber espionage campaign delivering spyware called LightSpy. India is another country on the list, with some evidence obtained from VirusTotal submissions. A report by the BlackBerry Threat Research and Intelligence Team states, “The latest iteration of LightSpy, dubbed ‘F_Warehouse,’ boasts a modular framework with extensive spying features.” The operation starts with a first-stage loader that acts as a launchpad for the core LightSpy backdoor and its plugins, which are retrieved from a remote server for data exfiltration.
PAN-OS Vulnerability Gets Fixed by Palo Alto Networks
Palo Alto Networks has released hotfixes for the vulnerability tracked as CVE-2024-3400 (CVSS score 10.0), a command injection flaw in the GlobalProtect feature that an unauthenticated attacker could weaponize to execute arbitrary code with root privileges on the firewall. The hotfixes are available for the following PAN-OS versions: PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, and PAN-OS 11.1.2-h3. The company also released a statement clarifying the updates and promising further releases. “This issue applies only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both) and device telemetry enabled.”
SaaS and Cloud Platforms Become Muddled Libra Extortion and Data Theft Ground
According to a report by Palo Alto, “Organizations often store a variety of data in SaaS applications and use services from CSPs.” This has attracted Muddled Libra, also known as Starfraud, UNC3944, Scatter Swine, and Scattered Spider, to actively target software-as-a-service (SaaS) applications and cloud service provider (CSP) environments for data exfiltration. The report further shows that Muddled Libra now leverages exfiltrated data in its attack progression and in victim extortion. It also describes the group's use of reconnaissance techniques to identify administrative users, posing as helpdesk staff in vishing attacks to obtain passwords.
UnitedHealth Group, a health care and well-being company popular for assisting people in achieving a better and healthier lifestyle, has been attacked by the RansomHub ransomware group. The company specializes in Health Care, Wellness and Health Management, Retiree Solutions, and Information Technology. It has over 10,000 employees and revenue of $371.6 billion.