Ransomware forces hospital to turn away ambulances

September 30, 2024 at 06:20PM A ransomware attack on University Medical Center in Lubbock, Texas forced the hospital to limit operations and divert patients to other facilities. The center is working with authorities and third-party experts to resolve the issue. Ransomware attacks in healthcare are rising, posing a threat to patient care and information security. …

Chinese Tag Team APTs Keep Stealing Asian Gov’t Secrets

September 10, 2024 at 06:06AM A trio of threat clusters linked to the People’s Republic of China have breached a dozen new targets, including a Southeast Asian government organization. Operation Crimson Palace utilizes a team-based approach for cyber heists, with three independent clusters handling various stages of the attack chain, demonstrating persistence and adaptability in …

PoorTry Windows driver evolves into a full-featured EDR wiper

August 28, 2024 at 03:02PM The PoorTry Windows driver has evolved into an EDR wiper, deleting crucial security files to hinder restoration efforts. Trend Micro first warned about this in May 2023, with Sophos confirming EDR wiping attacks. The tool, used by ransomware gangs like BlackCat and LockBit, employs various tactics to avoid detection and …

New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data

August 23, 2024 at 06:36AM Summary: A recent Qilin ransomware attack involved stealing credentials from Google Chrome browsers, using compromised VPN portal credentials, then editing the default domain policy to harvest credentials and erase evidence after exfiltrating them. Ransomware groups continue to evolve tactics, with Russian-speaking groups earning over $500 million from ransomware proceeds and …

Ransomware continues to pile on costs for critical infrastructure victims

July 17, 2024 at 11:10AM Ransomware attack costs on critical national infrastructure organizations surged this year, as Sophos reports a median ransom payment spike to $2.54M, 41 times higher than last year. Costs to recover also rose significantly, with IT sectors reporting the lowest average payment of $330,000, and education and federal government recording the …

Multiple Chinese APTs Targeted Southeast Asian Government for Two Years

June 6, 2024 at 07:42AM Multiple China-linked state-sponsored cyberespionage groups, tracked as Operation Crimson Palace, targeted a Southeast Asian government for two years. They utilized various tools, including a new malware named PocoProxy, for reconnaissance and data harvesting. Sophos identified three clusters of activity, suggesting a coordinated campaign under a central authority to support Chinese state …

Chinese hacking groups team up in cyber espionage campaign

June 5, 2024 at 04:14PM Since at least March 2023, Chinese state-sponsored actors have launched the Crimson Palace cyberespionage campaign against a Southeast Asian government agency. The campaign involved new malware variants and three coordinated activity clusters. These clusters, operating during Chinese work hours, engaged in reconnaissance, lateral movement, and persistent access management. Sophos researchers …

Chinese Threat Clusters Triple-Team a High-Profile Asia Government Org

June 5, 2024 at 06:40AM A new Sophos report reveals the extensive collaboration and sophistication of “Operation Crimson Palace,” an attack by three Chinese state-aligned threat clusters targeting a Southeast Asian government organization. Their teamwork involved advanced malware tools and evasion techniques, allowing them to steal sensitive military and political secrets. The report avoids specific …