North Korea’s Andariel Pivots to ‘Play’ Ransomware Games

October 31, 2024 at 11:37AM North Korea’s Andariel group has begun using Play ransomware, marking their first collaboration with an underground ransomware network. This shift indicates a potential increase in high-impact attacks. Researchers recommend heightened vigilance against future ransomware incidents, as the group remains a significant threat, particularly in sectors vulnerable to cyber attacks. …

North Korean govt hackers linked to Play ransomware attack

October 30, 2024 at 12:01PM The North Korean hacking group Andariel is linked to the Play ransomware operation, potentially as an affiliate or initial access broker. Researchers found they compromised a network to deploy Play ransomware. This collaboration may help evade sanctions, similar to tactics used by other sanctioned groups like Evil Corp and Iranian …

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

October 30, 2024 at 12:00PM North Korean threat actor Jumpy Pisces, linked to various aliases, has collaborated with the Play ransomware group, marking a significant first. This incident involved compromised accounts, credential harvesting, and deployment of Play ransomware. The connection remains unclear—Jumpy Pisces may be an affiliate or merely an initial access broker. …

Microchip Technology Confirms Personal Information Stolen in Ransomware Attack

September 5, 2024 at 07:12AM Microchip Technology confirmed a recent ransomware attack resulting in stolen personal and other data. The company isolated the affected systems and filed an 8-K Form with the SEC, confirming the breach. Although certain data was stolen, the full extent of the impact and validity of ransomware group’s claims are still …

How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack

August 21, 2024 at 03:57AM Trend Micro Managed Detection and Response (MDR) swiftly identified and contained a Play ransomware intrusion attempt using their Vision One platform. They detailed the attack, from the malware tools used to the cybercriminals’ techniques, and highlighted the critical importance of robust cybersecurity measures. Mitigation strategies and indicators of compromise (IoCs) were also provided. …

Switzerland: Play ransomware leaked 65,000 government documents

March 7, 2024 at 03:32PM The NCSC of Switzerland reported a data breach at Xplain caused by a ransomware attack, impacting thousands of sensitive government files. The Swiss government confirmed 65,000 leaked documents, with the majority affecting the Federal Department of Justice and Police. An investigation is ongoing, with results and cybersecurity recommendations expected to …

Governments Issue Warning After Play Ransomware Hits Hundreds of Organizations 

December 19, 2023 at 06:03AM CISA, FBI, and ACSC have issued an advisory on Play ransomware, detailing its tactics, targets, and impact. The ransomware gang uses double-extortion tactics, exploits various vulnerabilities for access, and encrypts victim data. The advisory includes indicators of compromise, mitigation steps, and recommends testing security controls against the threat behaviors outlined …

Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide

December 19, 2023 at 01:03AM The Play ransomware group has impacted around 300 entities and is using a double-extortion model to attack businesses and critical infrastructure globally. Ransomware attacks are increasingly exploiting vulnerabilities, leading to a rise in ransomware-as-a-service operations. The ransomware landscape continues to evolve, with emerging groups and collaboration among cybercriminals. Key takeaways …

FBI: Play ransomware breached 300 victims, including critical orgs

December 18, 2023 at 11:29AM The FBI, CISA, and ASD’s ACSC jointly warn that the Play ransomware gang has targeted approximately 300 organizations globally between June 2022 and October 2023, impacting critical infrastructure. The group employs unconventional tactics, including stealing sensitive data and using a custom VSS Copying Tool. Organizations are urged to address vulnerabilities …

Play Ransomware Goes Commercial – Now Offered as a Service to Cybercriminals

November 21, 2023 at 09:00AM The ransomware strain Play is now available as a service for other threat actors, according to cybersecurity company Adlumin. Affiliates who purchase the ransomware follow step-by-step instructions from playbooks delivered with it, resulting in attacks with minimal variations. Play, also known as Balloonfly and PlayCrypt, has previously targeted networks through …