SecurityWeek reports that the novel GambleForce hacking operation has targeted the vulnerable content management systems of two dozen organizations across different industries, most of which are in the Asia-Pacific, with SQL injection attacks since September.
GambleForce has leveraged numerous tools, including the web path brute-forcer dirsearch, the HTTP/HTTPS proxy daemon TinyProxy, the automated SQL injection and database hijacking tool sqlmap, and an old Redis server exploit. From September to December, these were used to exfiltrate login details, hashed credentials, and database table lists from three retail and travel organizations in Indonesia, a gambling firm in South Korea, a government entity in the Philippines, and a travel organization in Australia, according to a report from Group-IB.
GambleForce also compromised a Brazilian organization through an attack exploiting an improper access check flaw in Joomla, tracked as CVE-2023-23752.
Although GambleForce's command-and-control infrastructure has been dismantled, the attackers are likely to restore operations, researchers said.