Month: May 2023

HACKS OF TODAY 31/05/2023

Post author By Stefano FVRT
Post date 31/05/2023

HM Hacks Of Today

news

HACKS OF TODAY 31/05/2023

Today’s HOT includes 7 victims:

5 ransomware by the notorious LockBit 3.0 and BlackBasta gangs and 2 data leaks.

The average Cyber Risk Factor is 4.0.

Read below the full list.

Disclaimer:

Data are collected from public info published on Dark Web.
The Cyber Risk factor is calculated on cyber attacks’ impact based on available data.
It shows the severity of an event: 1 = low, 5 = critical

RAIDFORUMS

Victim website:	/
Victim country:	N/A
Attacker name:	Impotent
Attacker class:	Cybercrime
Attack technique:	Data leak
Ransom demand:	N/A
Exfiltrated data amount:	478,604 accounts
Exfiltrated data type:	Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	5

SEVERAL TARGETS IN POLAND

Victim website:	/
Victim country:	Poland
Attacker name:	N/A
Attacker class:	Cybercrime
Attack technique:	Data leak
Ransom demand:	N/A
Exfiltrated data amount:	1,204,870 accounts
Exfiltrated data type:	Email addresses, Passwords
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	5

CREDICOOP

Victim website:	credicoop.coop.py
Victim country:	Paraguay
Attacker name:	LockBit 3.0
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	$ 200,000
Exfiltrated data amount:	N/A
Exfiltrated data type:	N/A
Leaked data:	/
Ransom deadline:	16^th Jun 23
Cyber Risk Factor:	4

FIX SCR

Victim website:	fixscr.com
Victim country:	Argentina
Attacker name:	LockBit 3.0
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	$ 600,000
Exfiltrated data amount:	N/A
Exfiltrated data type:	N/A
Leaked data:	/
Ransom deadline:	12^th Jun 23
Cyber Risk Factor:	4

NEW YORK COLLEGE OF HEALTH PROFESSIONS

Victim website:	nycollege.edu
Victim country:	USA
Attacker name:	LockBit 3.0
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	$ 200,000
Exfiltrated data amount:	N/A
Exfiltrated data type:	N/A
Leaked data:	/
Ransom deadline:	12^th Jun 23
Cyber Risk Factor:	4

MCCARTHY FINGAR

Victim website:	mccarthyfingar.com
Victim country:	USA
Attacker name:	BlackBasta
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	115 GB
Exfiltrated data type:	Miscellaneous including agreements and insurance documents
Leaked data:	Sample with proof of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

COLUMBUS CITIZENS FOUNDATION

Victim website:	columbuscitizens.org
Victim country:	USA
Attacker name:	LockBit 3.0
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	N/A
Exfiltrated data type:	N/A
Leaked data:	/
Ransom deadline:	19^th Jun 23
Cyber Risk Factor:	2

Stay safe!

Hackmanac Team

Latest news

CORRECTION ON MALASLOCKER ACTIVITIES

Following further information provided to us directly by the Italian company BeeVoip, it is necessary to correct a detail from our previous post regarding the...

HACKS OF TODAY 28/09/2023

Today's HOT includes 7 ransomware victims by the notorious Akira, NoEscape, ALPHV/BlackCat, ThreeAM, 8Base and Cactus gangs. The average Cyber Risk Factor is 3.7. Read below the...

HACKS OF TODAY 27/09/2023

Today's HOT includes 13 ransomware victims by the notorious Dunghill Leak, ALPHV/BlackCat, NoEscape, Medusa, Akira, Qilin, 8Base and Cactus gangs. The average Cyber Risk Factor is 4.1....

Tags CYBER SECURITY, CYBERCRIME, DARKWEB, DATA BREACH, DATA LEAK, HACKING, HOTD, MALWARE, RANSOMWARE

2023 News-EN

NOKOYAWA: ANALYSIS OF THE RE-EMERGED RANSOMWARE GROUP

Post author By Sofia
Post date 30/05/2023

news

NOKOYAWA: ANALYSIS OF THE RE-EMERGED RANSOMWARE GROUP

Nokoyawa ransomware group re-emerged on Dark Web with a new list of victims and some peculiar behavior.

Here’s what we’ve discovered so far.

It’s not a new ransomware group

Nokoyawa ransomware group is not new in the cybercrime scenario: in fact, it gained attention following a March 2022 report by Trend Micro, where the cybersecurity firm was originally linking their operation to the Hive ransomware family.

At the time Nokoyawa was showing similarities in Hive attack patterns and used tools.

There are connections with another group

This time the group is showing some interesting connection with Snatch, another cybercrime group.

Indeed, among the 26 victims named in Nokoyawa’s DLS, it seems that 6 were also targeted by Snatch and appear among their victims:

Gaston College
MSX International
City of Modesto
Canadian Nurses Association
Chattanooga State Community College
Liveaction

According to Cyble The Cyber Express this may not be a coincidence but the sign of a collaboration agreement.

In any case it is certainly a reminder of the way in which criminal organizations are increasingly collaborating with each other in order to maximize the results of their operations.

They were probably relying on a 0-day

Analysing the Nokoyawa malware strain, the ransomware is targeting 64-bit Windows-based systems in double extortion attacks.

According to Kaspersky the group may have used a (at the time) zero-day vulnerability of Microsoft Windows to deploy the ransomware .
The vulnerability, identified as CVE-2023-28252, was subsequently promptly fixed and patched by Microsoft.

The victims belong to several categories

Analysing Nokoyawa victims we discovered that they belong to 12 main categories:

Education
Organizations
Professional / Scientific / Technical
ICT
Transportation / Storage
Gov / Mil / LE
Construction
Healthcare
Manufacturing
Wholesale / Retail
Energy / Utilities
Financial / Insurance

Education (19% of total attacks), Organizations, Professional / Scientific / Technical and ICT (11% each) are the most targeted categories.

Most of the victims are in America

Over two-thirds of the victims (61%) are in America, while 23% of the victims are in Europe.

Other continents involved in Nokoyawa’s attacks are Oceania (8% of attacks), Africa and Asia (4% each).

The US is the country most targeted by the group (54% of total attacks).

Other affected countries are:

UK
Australia
France
Philippines
Romania
Morocco
Canada
Brazil
Germany

They’re speeding up

We detected 26 victims of Nokoyawa in 2023, 5.2 per month on average.

The attacks, which started quietly in the first months of the year, grow decisively in May where we already have 11 attacks in the group’s assets.

Ultimately Nokoyawa appears to be a particularly dangerous ransomware group.

On the one hand, the group has clearly demonstrated that it can count on several criminal associations that appear to have been beneficial.

On the other hand, Nokoyawa’s double extortion operations seem to be accelerating.

In this case, our recommendation is to update and keep secure the information systems, especially those based on Windows.

Stay Cyber Safe!

Latest news

CORRECTION ON MALASLOCKER ACTIVITIES

Following further information provided to us directly by the Italian company BeeVoip, it is necessary to correct a detail from our previous post regarding the...

HACKS OF TODAY 28/09/2023

Today's HOT includes 7 ransomware victims by the notorious Akira, NoEscape, ALPHV/BlackCat, ThreeAM, 8Base and Cactus gangs. The average Cyber Risk Factor is 3.7. Read below the...

HACKS OF TODAY 27/09/2023

Today's HOT includes 13 ransomware victims by the notorious Dunghill Leak, ALPHV/BlackCat, NoEscape, Medusa, Akira, Qilin, 8Base and Cactus gangs. The average Cyber Risk Factor is 4.1....

Tags CYBER ATTACKS, CYBER SECURITY, CYBERCRIME, MALWARE, MICROSOFT WINDOWS, NOKOYAWA, RANSOMWARE, ZERODAY

2023 HOT News-EN

NOKOYAWA EXTRA CYBER ATTACKS – 29/05/2023

Post author By Stefano FVRT
Post date 30/05/2023

HM Hacks Of Today

news

NOKOYAWA EXTRA CYBER ATTACKS - 29/05/2023

We discovered a re-emerged ransomware group named Nokoyawa whose operations restarted at the beginning of 2023.

The listed victims includes 26 cyber attacks.

The average Cyber Risk Factor is 3.9.

Read below the full list.

Disclaimer:

Data are handpicked from public info published on Dark Web.
The Cyber Risk factor is calculated on cyber attacks’ impact based on available data.
It shows the severity of an event: 1 = low, 5 = critical

GASTON COLLEGE

Victim website:	gaston.edu
Victim country:	USA
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	170 GB
Exfiltrated data type:	Miscellaneous including administrative and finance documents, payrolls, private data etc. (College’s critical systems offline)
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	5

MSX INTERNATIONAL

Victim website:	msxi.com
Victim country:	USA
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	700 GB
Exfiltrated data type:	Miscellaneous documents including sensitive information
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	5

CITY OF MODESTO

Victim website:	modestogov.com
Victim country:	USA
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	$ 700,000
Exfiltrated data amount:	80 GB
Exfiltrated data type:	Employees personal data, CVs, DL, SSN. – Complete network map including credentials for local and remote services.
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	5

CANADIAN NURSES ASSOCIATION

Victim website:	cna-aiic.ca
Victim country:	Canada
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	150 GB
Exfiltrated data type:	Personal data. – Complete network map including credentials for local and remote services. – Private financial information including: clients data, bills, budgets, annual reports, bank statements.
Leaked data:	/
Ransom deadline:	N/A
Cyber Risk Factor:	5

NEXON ASIA PACIFIC

Victim website:	nexon.com.au
Victim country:	Australia
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	12,23 GB
Exfiltrated data type:	Miscellaneous documents
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

PUEBLO MECHANICAL & CONTROLS

Victim website:	pueblo-mechanical.com
Victim country:	USA
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	22 GB
Exfiltrated data type:	Archives of private files
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

COMMUNAUTÉ DE COMMUNES DE SEILLE ET GRAND COURONNÉ

Victim website:	comcom-sgc.fr
Victim country:	France
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	150 GB
Exfiltrated data type:	Data from residents of the region, topographic images, cadastral maps, photo-video shooting.
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

GUARDIAN FINE ART SERVICES

Victim website:	guardianfineart.com
Victim country:	USA
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	110 GB
Exfiltrated data type:	Personal data of clients, the objects of art that they own and keep, credit card data, building plans with all internal information.
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

ACCURATE AUTO INSURANCE

Victim website:	accurateautoins.com
Victim country:	USA
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	20 GB
Exfiltrated data type:	SSN, Driver’s License, credit card information, personal photos, accounting and financial statements
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

STOCKMANN NATURSTEINE & FLIESEN

Victim website:	stockmann-natursteine.de
Victim country:	Germany
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	190 GB
Exfiltrated data type:	Data on developed projects, accounting and financial reports, data from the desktops of all users, include information such as confidential personal, passports, files on ongoing projects.
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

SNODLAND C OF E PRIMARY SCHOOL

Victim website:	snodland.kent.sch.uk
Victim country:	United Kingdom
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	19 GB
Exfiltrated data type:	Parental data, insurance, financial records, confidential school data such as profits, contracts, personal documents.
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

SABIN LABORATORY

Victim website:	sabin.com.br
Victim country:	Brazil
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	200 GB
Exfiltrated data type:	Private data
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

RURAL WORKFORCE AGENCY VICTORIA

Victim website:	rwav.com.au
Victim country:	Australia
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	374 GB
Exfiltrated data type:	Financial information such as statements, credit cards, accounting. Also private information of employees, emigrants, a bunch of passports and other sensitive data.
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

FRESCA GROUP

Victim website:	frescagroup.co.uk
Victim country:	United Kingdom
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	100 GB
Exfiltrated data type:	Private data
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

CANOPY CHILDREN’S SOLUTIONS

Victim website:	mycanopy.org
Victim country:	USA
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	150 GB
Exfiltrated data type:	Private data
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

WYOMING COUNTY COMMUNITY HEALTH SYSTEM

Victim website:	wcchs.net
Victim country:	USA
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	150 GB
Exfiltrated data type:	Archive contains financial stats, personal information of patients, administration stuff and more.
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

ePERFORMAX

Victim website:	eperformax.com
Victim country:	USA
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	300 GB
Exfiltrated data type:	Customer’s data
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

HYUNDAI MOTORS ETATS-UNIS

Victim website:	hyundai.ma
Victim country:	Morocco
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	16 GB
Exfiltrated data type:	Miscellaneous documents
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

CHATTANOOGA STATE COMMUNITY

Victim website:	chattanoogastate.edu
Victim country:	USA
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	150 GB
Exfiltrated data type:	Personal information of teachers, financial stats, personal information of students.
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

MIAMI UNIVERSITY

Victim website:	miamioh.edu
Victim country:	USA
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	16 GB
Exfiltrated data type:	Miscellaneous documents
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

MEDICAL UNIVERSITY OF THE AMERICAS

Victim website:	mua.edu
Victim country:	USA
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	23 GB
Exfiltrated data type:	Miscellaneous including faculty information, administration and scanned documents.
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

GLOBAL REMOTE SERVICES

Victim website:	globalremoteservices.com
Victim country:	Romania
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	72,91 GB
Exfiltrated data type:	N/A
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

CONEX

Victim website:	conex.net
Victim country:	France
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	189,9 MB
Exfiltrated data type:	N/A
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	3

MIESCOR

Victim website:	miescor.ph
Victim country:	Philippine
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	N/A
Exfiltrated data type:	N/A
Leaked data:	/
Ransom deadline:	N/A
Cyber Risk Factor:	3

ROADIES

Victim website:	roadiesinc.com
Victim country:	USA
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	N/A
Exfiltrated data type:	N/A
Leaked data:	/
Ransom deadline:	N/A
Cyber Risk Factor:	2

LIVEACTION

Victim website:	liveaction.com
Victim country:	USA
Attacker name:	Nokoyawa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	N/A
Exfiltrated data type:	N/A
Leaked data:	N/A
Ransom deadline:	/
Cyber Risk Factor:	2

Stay safe!

Hackmanac Team

Tags CYBER SECURITY, CYBERCRIME, DARKWEB, HACKING, HOTD, MALWARE, RANSOMWARE