Tuesday, May 21, 2024

ON THE BENCH – 16 February 2024

Griffin Dewatering falls victim to a ransomware attack orchestrated by the Hunters group. Griffin, a construction company boasting a workforce of over 200 employees and generating $31.2 million in revenue, specializes in various services including Groundwater Control, Ash Pond Dewatering, and Construction Dewatering, among others.

The United States government has taken credit for disrupting a botnet comprised of numerous small office and home office (SOHO) routers controlled by the Russia-linked APT28 threat actor. The Department of Justice has outlined the extent of these crimes, which included extensive spear-phishing and credential harvesting campaigns primarily targeting entities of intelligence interest to the Russian government, such as U.S. and foreign governments, military establishments, security firms, and corporations.

A report has surfaced indicating that a former employee of a U.S. state government is responsible for infiltrating one of the government organization’s network environments using an administrator account. Details of the incident reveal the perpetrator’s modus operandi, which involves accessing the network via a VPN and employing tactics to blend in with legitimate traffic, thereby avoiding detection. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has corroborated the findings, issuing a joint advisory with MS-ISAC that highlights how the threat actor successfully authenticated to an internal VPN access point.

The Closing Agent, a real estate business based in Florida, has been targeted by LockBit 3.0. This company, specializing in Real Estate Settlement Services, Foreclosure Defense, and other legal services, operates with a staff of over 50 employees and generates $10.6 million in revenue.

AWS has been exploited for bulk smishing attacks utilizing a malicious Python script known as SNS Sender. The smishing messages are crafted to distribute malicious links aimed at capturing victims’ personally identifiable information (PII) and payment card details.

Multiple cryptocurrency companies have been inundated with fake job offers as part of an ongoing malware campaign involving RustDoor, a recently uncovered Apple macOS backdoor. Despite evidence revealing the existence of more than three variants of the backdoor, cybersecurity researchers are still seeking details regarding its propagation mechanism. According to a report from Bitdefender, some of the initial downloaders masquerade as PDF files containing job offers, but in reality, they execute scripts that download and deploy the malware while also opening a benign PDF file posing as a confidentiality agreement.

The Hunters ransomware group has launched a fresh attack targeting a government-owned entity. The St. Johns River Water Management District, one of five water infrastructure bodies under the Florida Water Management District, oversees the management of Florida’s groundwater and surface water resources. With a workforce exceeding 1000 employees and a budget of $135.5 million, the district’s responsibilities extend to flood protection, maintaining natural systems, and ensuring water quality.
