FIN9-Linked Vietnamese Hackers In Trouble Over $71M Cybercrime

June 27, 2024
9:37 pm


An unsealed indictment charges four Vietnamese nationals with involvement in a series of cyber intrusions that collectively caused U.S. companies to suffer over $71 million in losses. The defendants—Ta Van Tai (also known as Quynh Hoa and Bich Thuy), Nguyen Viet Quoc (aka Tien Nguyen), Nguyen Trang Xuyen, and Nguyen Van Truong (aka Chung Nguyen)—were members of the sophisticated international cybercrime group ‘FIN9.’ Between May 2018 and October 2021, they hacked victim companies’ networks, stealing non-public information, employee benefits, and funds. The Department of Justice tracked down these prolific hackers, emphasizing the importance of cybersecurity vigilance.

WordPress Users Confronted with Battling Rogue Admin Accounts Created

Malicious actors have exploited vulnerabilities in several WordPress plugins, enabling them to insert harmful code and create unauthorized administrator accounts. These rogue accounts are then used for nefarious purposes. Additionally, the threat actors employ malicious JavaScript injection to spread SEO spam across affected websites. According to Wordfence security researcher Chloe Chamberland, the injected malware specifically targets the creation of new administrative user accounts, with the obtained details being transmitted to a server controlled by the attacker.

The affected plugins have been pulled from the WordPress plugin directory: Social Warfare 4.4.6.4 – 4.4.7.1 (patched version: 4.4.7.3), with over 30,000 installs; Blaze Widget 2.2.5 – 2.5.2 (patched version: N/A), with over 10 installs; Wrapper Link Element 1.0.2 – 1.0.3 (patched version: N/A), with over 1,000 installs; Contact Form 7 Multi-Step Addon 1.0.4 – 1.0.5 (patched version: N/A), with over 700 installs; and Simply Show Hooks 1.2.1 (patched version: N/A), with over 4,000 installs.
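For site owners who want to compare an inventory against the version ranges listed above, the following is an added example and not code from the article or from Wordfence. It assumes plugins are matched by the display names used in the article; the sample inventory is constructed.

```python
# Affected ranges as listed in the article: (first affected, last affected, patched).
# patched=None means the article lists the patched version as N/A.
AFFECTED = {
    "Social Warfare": ("4.4.6.4", "4.4.7.1", "4.4.7.3"),
    "Blaze Widget": ("2.2.5", "2.5.2", None),
    "Wrapper Link Element": ("1.0.2", "1.0.3", None),
    "Contact Form 7 Multi-Step Addon": ("1.0.4", "1.0.5", None),
    "Simply Show Hooks": ("1.2.1", "1.2.1", None),
}

def vkey(version):
    """Turn '4.4.7.1' into (4, 4, 7, 1) so versions compare numerically.
    Trailing zeros are dropped so '1.2.0' equals '1.2'. Raises ValueError
    on non-numeric components such as '1.0.3-beta'."""
    parts = [int(p) for p in version.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def check_plugins(installed):
    """installed: iterable of (display name, version). Returns a list of
    (name, version, action) for entries inside a listed affected range."""
    findings = []
    for name, version in installed:
        entry = AFFECTED.get(name)
        if entry is None:
            continue  # plugin is not in the article's list
        low, high, patched = entry
        try:
            current = vkey(version)
        except ValueError:
            findings.append((name, version, "unparsable version, review manually"))
            continue
        if vkey(low) <= current <= vkey(high):
            action = f"update to {patched}" if patched else "no patched version listed"
            findings.append((name, version, action))
    return findings

# Constructed sample inventory (assumption, not real site data).
SAMPLE = [
    ("Social Warfare", "4.4.7.1"),
    ("Simply Show Hooks", "1.2.1"),
    ("Wrapper Link Element", "1.0.1"),
    ("Contact Form 7", "5.9.6"),
]

if __name__ == "__main__":
    for name, version, action in check_plugins(SAMPLE):
        print(f"{name} {version}: {action}")
```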

Microsoft Management Console Files Under Attack

Cybersecurity researchers have identified a concerning trend: threat actors exploit specially crafted Management Saved Console (MSC) files to bypass security defences and execute code via the Microsoft Management Console (MMC). In one report, a researcher highlighted that when a maliciously crafted console file is imported, a vulnerability in an MMC library can allow the execution of adversary code, including malware. Attackers may combine this technique with DotNetToJScript to achieve arbitrary code execution, potentially leading to unauthorized access, system takeover, and other security risks.

Blacksuit ransomware has launched an attack on multiple businesses. See the details listed below.

AXIA Ventures Group: The investment banking firm is a leading regional privately-owned investment banking group providing financial advisory and capital market-related services to corporates, governments and institutional clients. AXIA Ventures Group has over 200 employees and specializes in Mergers & Acquisitions, Institutional Sales & Trading, Equity Research, restructuring, Private Placements, and Investment Banking. AXIA Ventures Group has a revenue of $16.4 million.

Cat-i Glass Manufacturing: The company, which has a foothold in the glass, ceramics and concrete manufacturing industry, specializes in OEM Components, Tempering, Gorilla Glass, Chemical Strengthening, Screen Printing, PCAP Touch sensors, Lighting, Touch Displays, Industrial Touchscreens, Lamination, Agriculture, LCD Display, Outdoor Kiosks, Industrial Components, and Medical Products. Cat-i Glass Manufacturing has over 200 employees and a revenue of $37.8 million.

Young’s Timber & Builders Merchants: The company with over 50 employees specializes in Building Supplies, Timber, Fencing, Decorating Supplies, Landscaping Products, Cladding, Doors, Roofing, Plumbing, Workwear, and Gates. Young’s Timber & Builders Merchants has a revenue of $5.6 million.

The Eye Clinic Surgicenter: The wellness and fitness services company has over 50 employees with speciality in Cataract Surgery, LASIK Surgery, iStent, Corneal Transplants, Glaucoma Surgery, Crosslinking – Avedro Study Member, Premium Lens Cataract Surgery, Complex Contact Lens Fittings, and Eye Lid Surgery – Cosmetic and Medically necessary. The company has a revenue of $5 million.

Akira ransomware group has attacked multiple businesses with details listed below.

Beckett Thermal Solutions: The company is a global pioneer of combustion technologies and specializes in Burners, Burner Systems, Heat Modules, Controls, Premix Combustion, Thermal, and Engineering. Beckett Thermal Solutions has over 1000 employees and a revenue of $34.8 million.

PCI Developments: The award-winning Vancouver-based real estate developer of complete urban communities specializes in Investment, Acquisitions, Leasing, Development Management, Construction Management, and Asset Management. The company has over 50 employees and a revenue of $5 million.
