ZDNet reports that the Conti ransomware gang has continued operations despite being made vulnerable by the recent leak of the group's communications and hiring practices after it had expressed support for Russia's invasion of Ukraine.
Various initial access vectors have been leveraged by Conti, including Qakbot malware-laced phishing messages and attacks on unpatched Microsoft Exchange servers, as well as the exploitation of VPN and Log4j vulnerabilities and other publicly available exploits, according to an NCC Group report.
The Conti ransomware group has also persisted in exfiltrating substantial amounts of data and encrypting networks as they conduct double extortion attacks. Continued use of such tactics should prompt organizations to ensure immediate patching of known security flaws.
The report also urged businesses to implement strong password policies and multi-factor authentication, and advised information security teams to conduct network monitoring so that potentially suspicious activity is flagged promptly and ransomware attacks can be prevented.
BleepingComputer reports that users of several U.S. financial institutions and numerous cryptocurrency apps are the main targets of an expanded Xenomorph malware campaign leveraging an updated version of the Android banking trojan, which has also set its sights on users in Canada, Italy, Spain, Belgium, and Portugal.
Threat actors have targeted Ukrainian military organizations with a new STARK#VORTEX phishing campaign deploying the Merlin post-exploitation toolkit through malicious files purporting to be service manuals for unmanned aerial vehicles or drones, reports The Hacker News.
Ontario's perinatal, newborn, and child registry Better Outcomes Registry & Network had sensitive data from nearly 3.4 million individuals compromised in late May as a result of the widespread MOVEit hack conducted by the Cl0p ransomware operation, reports BleepingComputer.