Rorschach ransomware attack disrupts major Chilean telecom provider

Major Chilean telecommunications provider Grupo GTD, which caters to other countries across Latin America, had its data centers, Voice-over-IP, and internet access disrupted following a cyberattack against its infrastructure-as-a-service platform on Oct. 23, which was confirmed by Chile's Computer Security Incident Response Team to be a Rorschach ransomware attack, reports BleepingComputer. No impact from the attack has been reported on Grupo GTD's communication COR and ISP. Meanwhile, analysis from Chile's CSIRT revealed that BitDefender, Trend Micro, and Cortex XDR DLL side-loading flaws have been leveraged by attackers to facilitate the deployment of the injector for the Rorschach ransomware, also known as BabLock. Aside from sharing indicators of compromise related to the Rorschach ransomware attack, Chile's CSIRT has also urged organizations linked to Grupo GTD's IaaS to not only conduct antivirus scans across their infrastructure and verify the absence of suspicious software but also examine processing and hard drive performance, limit SSH access to servers, and monitor network traffic.