Sophos researchers have discovered that the LockBit, Hive, and BlackCat ransomware operations have simultaneously attacked an unnamed organization, ZDNet reports.
After being subjected to a suspected intrusion from an initial access broker that established a remote desktop protocol session last December, the organization's network was infiltrated by a LockBit ransomware affiliate through vulnerable RDP instance in April, the report revealed.
Nineteen or more systems have been deployed with ransomware by the LockBit affiliate before a Hive ransomware affiliate suspected to use the same RDP credentials worked to immediately encrypt systems. BlackCat attackers were observed to infiltrate the network two weeks later, with the threat actors not only spreading ransomware but also concealing its activities, alongside the attack of LockBit and Hive.
"It's bad enough to get one ransomware note, let alone three. Multiple attackers create a whole new level of complexity for recovery, particularly when network files are triple encrypted. At some point, these groups will have to decide how they feel about cooperation whether to further embrace it or become more competitive but, for now, the playing field is open for multiple attacks by different groups," said Sophos Senior Security Advisor John Shier.
TechCrunch reports that U.S. conservative think tank The Heritage Foundation was working on addressing a cyberattack against its systems last week, but investigation into whether any of its data was compromised is still underway.
Nexperia had some of its servers confirmed to be compromised in a cyberattack last month following a report from Dutch broadcast firm RTL detailing attackers' claims of having exfiltrated hundreds of gigabytes of data from the Chinese-owned Dutch semiconductor manufacturer, according to Cybernews.
Iranian state-backed threat operation MuddyWater, also known as TA450, Mango Sandstorm, and Boggy Sandstorm, has leveraged the novel DarkBeatC2 command-and-control infrastructure tool as part of its latest attack campaign, The Hacker News reports.