Prestige ransomware attacks against Ukraine and Poland have been conducted by Russian hacking group Iridium, which has overlapped with the Sandworm threat operation, according to The Record, a news site by cybersecurity firm Recorded Future.
Iridium "has been consistently active in the war in Ukraine and has been linked to destructive attacks since the start of the war," said researchers from the Microsoft Security Threat Intelligence Center, who were able to attribute the Prestige ransomware attacks to the group based on attack infrastructure and forensic artifacts suggesting victimization of multiple organizations as early as March.
The report also showed that Iridium leveraged two remote code execution tools prior to ransomware deployment. The group has also been observed to shift attacks toward organizations providing humanitarian or military aid to Ukraine.
"More broadly, it may represent an increased risk to organizations in Eastern Europe that may be considered by the Russian state to be providing support relating to the war," MSTIC researchers added.
This week’s healthcare data breach roundup includes multiple ransomware and data extortion incidents, a ransomware attack on Enzo Biochem, and ongoing outages at two hospitals in Idaho and Medford Radiology Group.
Numerous fraudulent websites masquerading as legitimate software, including ChatGPT, Gimp, AstraChat, and Go To Meeting, have been used in a new RomCom malware campaign by Cuba ransomware affiliate Void Rabisu, also known as Tropical Scorpius, from December 2022 to April 2023, which was mostly targeted at Eastern Europe, according to BleepingComputer.
Over 8.9M impacted by MCNA Dental ransomware attack
Major government-sponsored dental insurance provider Managed Care of North America Dental has disclosed being impacted by a cyberattack compromising personal and health information from more than 8.92 million individuals, including patients, parents, guardians, and guarantors, according to BleepingComputer.