Lockbit ransomware continues to thrive despite the government agency’s recent clampdown on the group. The group recently attacked the GPAA (Government Pensions Administration Agency). The attacked agency has over 5000 employees and a revenue of $13.1 million.
The Cactus ransomware group launched an attack on multiple businesses. Victim details are listed below.
- Reny Picot:Â The attack on the Spanish company resulted in the exfiltration of 350GB of data now available for sale on the darkweb. The food and beverage company has over 500 employees and a revenue of $911.7 million.
- Ammega: Ammega is a multinational automation machinery manufacturing company headquartered in the Netherlands. The company specializes in Ammeraal Beltech—Process and Conveyor Belts, Megadyne—Power Transmission Belts, and Jason Industrial—Hydraulic Hoses & Belts. The attack on Ammega resulted in the exfiltration of 1TB of data, now available for sale on the dark web. Ammega has over 10,000 employees and a revenue of $1.2 billion.
- Cleshar: Cleshar is a construction company specializing in Rail, Capital works and infrastructure, Support services, Infrastructure maintenance, Welding, safety-critical resources, Power systems, M&E, Signals and telecoms, and Rail safety training. The company has over 5,000 employees and a revenue of $239.3m. The attack on the company resulted in the exfiltration of 1TB of data, now available for sale on the dark web.
- Plymouth Tube:Â This award-winning multinational mining company with headquarters in Illinois specializes in Stainless and Carbon Steel Tubing manufacturing, extruded Steel, Titanium Net, and near-net Shapes. The company has over 1,000 employees and a revenue of $137 million. The attack on the company resulted in the exfiltration of 1.83TB of data available for sale on the dark web.
- A New Jersey IT company, Scadea Solutions, Inc., has fallen victim to a ransomhub group ransomware attack. The company specializes in Digital Transformation, Digital Business Strategy, Salesforce Services, Legacy to Cloud Migration, SAP ERP Consulting, Data Analytics, Mobile APP Development, Fullstack Development, e-commerce development, AI and ML, RPA, CX Innovation & Optimization (SFDC), Digital Product Engineering (ISV), Data-Driven Business & Intelligence, Core IT Modernization, and Performance Marketing and More. Scadea has a revenue of $23.2 million and over 1000 employees.
Brazilians become the target of the CHAVECLOAK trojan.
According to a FortiGuard Lab researcher, Brazilian bank customers are victims of this new trojan that works through a phishing mail containing a PDF whose download triggers a zip file download, which later uses a DLL side-loading technique to execute the final malware. Further details about the attack revealed that the threat actor tricked users into downloading the pdf by the threat actor using a contract-themed DocuSign. Users click the read and sign button on the document, which results in a hidden attack. Sensitive data are exfiltrated after Lightshot[.]exe, which is present within the installer hidden in the read and sign button, is executed.
