Chilean telecom giant GTD hit by the Rorschach ransomware gang

October 25, 2023 at 06:07PM

Chile’s telecommunications company, Grupo GTD, experienced a cyberattack on its Infrastructure as a Service (IaaS) platform, resulting in disruptions to services, including data centers, internet access, and Voice-over-IP (VoIP). The attack involved the Rorschach ransomware variant, which utilizes DLL sideloading vulnerabilities in legitimate executables to inject a ransomware payload and encrypt files. Chile’s Computer Security Incident Response Team (CSIRT) has released Indicators of Compromise (IOCs) related to the attack and has recommended organizations connected to GTD’s IaaS take necessary measures to ensure they were not breached.

Key Takeaways:

1. Grupo GTD, a telecommunications company operating in Latin America, experienced a cyberattack on its Infrastructure as a Service (IaaS) platform, causing disruptions to its services.
2. The cyberattack affected GTD’s data centers, internet access, and Voice-over-IP (VoIP) services, while its communication COR and ISP remained unaffected.
3. Chile’s Computer Security Incident Response Team (CSIRT) confirmed that the attack was a ransomware incident.
4. The ransomware variant involved in the attack is believed to be the Rorschach ransomware.
5. The CSIRT has issued a requirement for all public institutions using GTD’s IaaS services to report any impact from the cyberattack.
6. GTD disconnected its IaaS platform from the internet to prevent the further spread of the attack.
7. CSIRT has provided IOCs (Indicators of Compromise) related to the attack, including file names and SHA256 hashes, to assist organizations in confirming whether they were breached.
8. CSIRT recommends that organizations connected to GTD’s IaaS take measures such as conducting antivirus scans, reviewing system accounts, analyzing performance, and monitoring network traffic to ensure they have not been compromised.
9. Earlier this year, the Chilean military also experienced a ransomware attack, which resulted in data theft.
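
One way to carry out the check in item 7, as an added example (not code from CSIRT or the article): a sweep that compares files on disk against an IOC list of file names and SHA256 hashes. It reports a name-only hit separately from a hash match, because sideloading relies on a legitimate executable whose name can also belong to a clean file. All names and contents in `demo()` are constructed placeholders; substitute the values CSIRT published.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def sweep(root, ioc_hashes, ioc_names):
    """Walk root and return sorted (path, verdict) pairs."""
    # hash-match: content equals a published SHA256 (strong signal, even if renamed)
    # name-only : name is listed but content differs (review, do not assume malicious)
    # unreadable: file could not be opened (locked or permission denied)
    hashes = {h.lower() for h in ioc_hashes}
    names = {n.lower() for n in ioc_names}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:
                findings.append((path, "unreadable"))
                continue
            if digest in hashes:
                findings.append((path, "hash-match"))
            elif name.lower() in names:
                findings.append((path, "name-only"))
    return sorted(findings)

def demo():
    """Constructed sample tree; names and contents are placeholders, not real IOCs."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"placeholder_loader.dll": b"constructed-bad",
                   "renamed.bin": b"constructed-bad",
                   "placeholder_host.exe": b"clean vendor binary",
                   "notes.txt": b"unrelated"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        ioc_hashes = [hashlib.sha256(b"constructed-bad").hexdigest().upper()]
        ioc_names = ["placeholder_loader.dll", "placeholder_host.exe"]
        return [(os.path.basename(p), v) for p, v in sweep(root, ioc_hashes, ioc_names)]
```
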
