Month: May 2023

HACKS OF TODAY 25/05/2023

Post author By Stefano Favarato
Post date 25/05/2023

HM Hacks Of Today

news

HACKS OF TODAY 25/05/2023

Today’s HOT includes 8 ransomware victims by the notorious LockBit 3.0, Medusa, BlackCat/ALPHV, Medusa, BianLian and Trigona gangs.

The average Cyber Risk Factor is 3.9.

Read below the full list.

Disclaimer:

Data are collected from public info published on Dark Web.
The Cyber Risk factor is calculated on cyber attacks’ impact based on available data.
It shows the severity of an event: 1 = low, 5 = critical

TRABZONSPOR FOOTBALL CLUB

Victim website:	trabzonspor.org.tr
Victim country:	Turkey
Attacker name:	Medusa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	$ 1,000,000
Exfiltrated data amount:	Large amount of data
Exfiltrated data type:	Organization’s data
Leaked data:	Sample with proof of the exfiltrated data
Ransom deadline:	01^st Jun 23
Cyber Risk Factor:	5

THE MIDDLETON GROUP

Victim website:	themiddletongroup.net
Victim country:	USA
Attacker name:	BlackCat/ALPHV
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	1,7 TB
Exfiltrated data type:	Company’s data
Leaked data:	Sample of 50 GB as a proof of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	5

ALBANY ENT & ALLERGY SERVICES

Victim website:	albanyentandallergy.com
Victim country:	USA
Attacker name:	BianLian
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	630 GB
Exfiltrated data type:	Client personal data, Financial data, Business data, Accounting, Post archives.
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	4

LEIDOS HOLDINGS

Victim website:	leidos.com
Victim country:	United Kingdom
Attacker name:	Trigona
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	BID start price $ 300,000
Exfiltrated data amount:	N/A
Exfiltrated data type:	Miscellaneous including financial documents
Leaked data:	Sample with proof of the exfiltrated data
Ransom deadline:	01^st Jun 23
Cyber Risk Factor:	4

AFFINITY HEALTH SERVICES

Victim website:	affinityhealthservices.net
Victim country:	USA
Attacker name:	LockBit 3.0
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	209 GB
Exfiltrated data type:	Miscellaneous including confidential and financial documents
Leaked data:	Sample with proof of the exfiltrated data
Ransom deadline:	26^th May 23
Cyber Risk Factor:	4

ST FRANCIS PREPARATORY SCHOOL

Victim website:	sfponline.org
Victim country:	USA
Attacker name:	LockBit 3.0
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	375 GB
Exfiltrated data type:	Miscellaneous documents
Leaked data:	Sample with proof of the exfiltrated data
Ransom deadline:	13^th Jun 23
Cyber Risk Factor:	4

PNEUS BÉLISLE

Victim website:	pneusbelislecarrieres.com
Victim country:	Canada
Attacker name:	LockBit 3.0
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	N/A
Exfiltrated data type:	Miscellaneous documents including invoices and financial documents
Leaked data:	Sample with proof of the exfiltrated data
Ransom deadline:	12^th Jun 23
Cyber Risk Factor:	3

GLOBAL INFOVISION

Victim website:	globalinfovision.com
Victim country:	India
Attacker name:	LockBit 3.0
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	N/A
Exfiltrated data type:	N/A
Leaked data:	/
Ransom deadline:	13^th Jun 23
Cyber Risk Factor:	2

Stay safe!

Hackmanac Team

Latest news

HACKS OF TODAY 11-12-13-14-15/05/2024

Today's HOT includes 94 victims by the notorious Hunters International, Rhysida, BianLIan, dAn0n, Qilin, Embargo, Everest, INC Ransom, Black Suit, Monti, Akira, RansomHub, Zero Tolerance...

HACKS OF TODAY 09-10/05/2024

Today's HOT includes 94 victims by the notorious Hunters International, Rhysida, BianLIan, dAn0n, Qilin, Embargo, Everest, INC Ransom, Black Suit, Monti, Akira, RansomHub, Zero Tolerance...

OPERATION CRONOS AND THE MAGNITUDE OF THE LOCKBIT REACTION: 119 PREVIOUSLY UNCLAIMED VICTIMS WORLDWIDE

In recent days, following the events involving the LockBit criminal group and law enforcement with Operation Cronos, the hacker group decided to go all in...

Tags CYBER SECURITY, CYBERCRIME, DARKWEB, HACKING, HOTD, MALWARE, RANSOMWARE

2023 expert insights News-EN Newsroom

8BASE, THE NEWLY DISCOVERED RANSOMWARE GANG

Post author By Sofia
Post date 25/05/2023

news

8BASE, THE NEWLY DISCOVERED RANSOMWARE GANG

The new ransomware group is called 8Base: they define themselves as “honest and simple pentesters” who offer their victims the most loyal conditions for the return of their data.

Here’s what we’ve discovered so far.

It’s not such a new group

Although they have only now become known, it seems that the group’s operations have already begun in April 2022, while the last victims date back to May 2023.

With Hackmanac we analyzed their DLS (Dedicated Leak Site) on the Dark Web and we discovered that at the moment there were 66 victims, 45 in 2022 and 21 in 2023, who evidently refused the negotiations.

The list of victims is in fact accompanied by the complete publication of the data stolen during the attack.

They mostly target SMBs

8Base seems to target mainly small and medium-sized companies, mostly belonging to the Professional / Scientific / Technical sector (36% of attacks known so far) and Manufacturing (17%).

Other sectors affected to a lesser extent are:

Wholesale/Retail
Construction
Healthcare
ICT
Financial/Insurance
Transportation/Storage
Organizations
Agriculture / Forestry / Fishing
Education
Gov/Mil/LE
Other Services

The victims are mainly in America and Europe

Analyzing the victims listed in the 8Base DLS, it appears that two thirds of the victims are in America (62%), while a further quarter in Europe (24%).

The most targeted countries are the United States and Brazil:

Other less affected countries are:

Australia
Germany
UK
Mexico
Portugal
Belgium
Egypt
China
Spain
Madagascar
France
Peru
Canada
Turkey
Guatemala
Venezuela
India
Italy

Among the victims also the Italian company SiComputer, attacked on 03/29/2023 and whose data were published a month later.

They have very clear ideas

A characteristic of the group is that their ransom note is particularly detailed.

In addition to the payment terms in bitcoins, clear instructions are in fact provided which prohibit the involvement of third parties, such as the police, agencies (FBI, CIA, NSA, …) or negotiators.

Finally, specific guarantees are provided on the management of the data held by the group.

As in the case of MalasLocker, which we wrote about in our previous article, we are once again in the presence of a cybercriminal group that mainly targets small and medium-sized businesses.
This trend, which seems popular recently, highlights how small companies are a frequent target of cybercriminal operations.

The advice is to monitor computer systems, keep them updated and be aware of cyber threats.

Stay Cyber safe!

Latest news

HACKS OF TODAY 11-12-13-14-15/05/2024

Today's HOT includes 94 victims by the notorious Hunters International, Rhysida, BianLIan, dAn0n, Qilin, Embargo, Everest, INC Ransom, Black Suit, Monti, Akira, RansomHub, Zero Tolerance...

HACKS OF TODAY 09-10/05/2024

Today's HOT includes 94 victims by the notorious Hunters International, Rhysida, BianLIan, dAn0n, Qilin, Embargo, Everest, INC Ransom, Black Suit, Monti, Akira, RansomHub, Zero Tolerance...

OPERATION CRONOS AND THE MAGNITUDE OF THE LOCKBIT REACTION: 119 PREVIOUSLY UNCLAIMED VICTIMS WORLDWIDE

In recent days, following the events involving the LockBit criminal group and law enforcement with Operation Cronos, the hacker group decided to go all in...

Tags 8BASE, CYBER ATTACKS, CYBER SECURITY, CYBERCRIME, MALWARE, RANSOMWARE, SME

2023 HOT News-EN

HACKS OF TODAY 24/05/2023

Post author By Stefano Favarato
Post date 24/05/2023

HM Hacks Of Today

news

HACKS OF TODAY 24/05/2023

Today’s HOT includes 12 ransomware victims by the notorious LockBit 3.0, Royal, BlackCat/ALPHV, Medusa, BianLian and KaraKurt gangs.

The average Cyber Risk Factor is 3.8.

Read below the full list.

Disclaimer:

COOS BAY

Victim website:	co.coos.or.us
Victim country:	USA
Attacker name:	Royal
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	248 GB
Exfiltrated data type:	Confidential documents, contracts, workers salaries, medical information, forensic examinations, insurance and tax information and much more.
Leaked data:	/
Ransom deadline:	N/A
Cyber Risk Factor:	5

CHATTANOOGA HEART INSTITUTE

Victim website:	chattanoogaheart.com
Victim country:	USA
Attacker name:	KaraKurt
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	158 GB
Exfiltrated data type:	Medical records, tests results, diagnoses, social security numbers, passports, addresses, phone numbers, financial data and other documents
Leaked data:	/
Ransom deadline:	27^th May 23
Cyber Risk Factor:	5

RUSAN PHARMA

Victim website:	rusanpharma.com
Victim country:	India
Attacker name:	BianLian
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	1,6 TB
Exfiltrated data type:	Finance, Drugs’ formulas, Customers’ and clients’ private data, HR, Contracts.
Leaked data:	100% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	5

SUNRAY WOODCRAFT CONSTRUCTION

Victim website:	sunray.com.sg
Victim country:	Singapore
Attacker name:	LockBit 3.0
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	N/A
Exfiltrated data type:	Employee data, Tenders, Contracts, Financial reports, NDA
Leaked data:	100% of the exfiltrated data
Ransom deadline:	23^rd May 23
Cyber Risk Factor:	4

AMASZONAS S.A.

Victim website:	amaszonas.com
Victim country:	Bolivia
Attacker name:	Medusa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	$ 150,000
Exfiltrated data amount:	Large amount of data
Exfiltrated data type:	Miscellaneous including databases, backups, PII documents, pilot’s information, etc.
Leaked data:	Sample with proof of the exfiltrated data
Ransom deadline:	31^st May 23
Cyber Risk Factor:	4

LELAND CAMPBELL

Victim website:	kpllp.ca
Victim country:	Canada
Attacker name:	Medusa
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	$ 100,000
Exfiltrated data amount:	Large amount of data
Exfiltrated data type:	Miscellaneous including employees and client’s information, financial and confidential documents, invoices and mail correspondence
Leaked data:	Sample with proof of the exfiltrated data
Ransom deadline:	31^st May 23
Cyber Risk Factor:	4

VOXX ELECTRONICS

Victim website:	voxxelectronics.com
Victim country:	USA
Attacker name:	BlackCat/ALPHV
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	N/A
Exfiltrated data type:	– Personal data – Bank and financial records – Source data from various developments of the company – Management correspondence and conversations – Analytical data – Numerous confidential documents of the company’s customers and partners – Access to the company’s various resources
Leaked data:	Sample with proof of the exfiltrated data
Ransom deadline:	27^th May 23
Cyber Risk Factor:	4

INTERSTATE PLASTICS

Victim website:	interstateplastics.com
Victim country:	USA
Attacker name:	LockBit 3.0
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	$ 500,000
Exfiltrated data amount:	N/A
Exfiltrated data type:	Miscellaneous documents
Leaked data:	Sample with proof of the exfiltrated data
Ransom deadline:	01^st Jun 23
Cyber Risk Factor:	4

DOTCOM DISTRIBUTION

Victim website:	dotcomdist.com
Victim country:	USA
Attacker name:	Royal
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	40 GB
Exfiltrated data type:	N/A
Leaked data:	10% of the exfiltrated data
Ransom deadline:	N/A
Cyber Risk Factor:	3

SIMPSONS UK LTD

Victim website:	roha.com
Victim country:	United Kingdom
Attacker name:	LockBit 3.0
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	N/A
Exfiltrated data type:	Miscellaneous including PII and insurance details
Leaked data:	Sample with proof of the exfiltrated data
Ransom deadline:	01^st Jun 23
Cyber Risk Factor:	3

SPECTRE

Victim website:	spectre.dk
Victim country:	Denmark
Attacker name:	LockBit 3.0
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	N/A
Exfiltrated data type:	N/A
Leaked data:	/
Ransom deadline:	25^th May 23
Cyber Risk Factor:	2

SURFSIDE FOODS

Victim website:	surfsidefoods.com
Victim country:	USA
Attacker name:	LockBit 3.0
Attacker class:	Cybercrime
Attack technique:	Ransomware
Ransom demand:	N/A
Exfiltrated data amount:	N/A
Exfiltrated data type:	N/A
Leaked data:	/
Ransom deadline:	12^th Jun 23
Cyber Risk Factor:	2

Stay safe!

Hackmanac Team

Latest news

Tags CYBER SECURITY, CYBERCRIME, DARKWEB, HACKING, HOTD, MALWARE, RANSOMWARE