Reuters reports that numerous Ukraine- and Poland-based logistics and transportation firms have been targeted with the novel Prestige ransomware.
While the Prestige ransomware attacks have not yet been pinned on a particular threat group, the newest intrusions resembled cyberattacks launched by a cyber threat group associated with the Russian government against Ukrainian agencies, Microsoft said in its report.
Organizations impacted by the Prestige ransomware also overlapped with those affected by the FoxBlade, or HermeticWiper, malware in attacks against Ukrainian, Latvian, and Lithuanian computer systems when Russia's invasion of Ukraine began.
Threat actors behind Prestige have been able to obtain administrator privileges before deploying the ransomware, which encrypts data and then leaves a ransom note saying that a decryptor is required for the locked files, the report said.
"The enterprise-wide deployment of ransomware is not common in Ukraine, and this activity was not connected to any of the 94 currently active ransomware activity groups that Microsoft tracks," said Microsoft researchers.