BleepingComputer reports that numerous media and entertainment entities worldwide have had their Linux network systems compromised by the IceFire ransomware operation since mid-February.
IceFire attacks begin with the exploitation of an already patched, high-severity deserialization vulnerability in IBM Aspera Faspex file-sharing software, tracked as CVE-2022-47986. The attackers then deploy the updated IceFire ransomware variant, which encrypts files, deletes itself, and removes its binary, according to a SentinelLabs report.
"In comparison to Windows, Linux is more difficult to deploy ransomware against particularly at scale. Many Linux systems are servers: typical infection vectors like phishing or drive-by download are less effective. To overcome this, actors turn to exploiting application vulnerabilities, as the IceFire operator demonstrated by deploying payloads through an IBM Aspera vulnerability," said SentinelLabs.
IceFire's targeting of Linux systems continues the trend of ransomware operations expanding their attacks beyond Windows, SentinelLabs added.