Swedish grocery chain targeted by Cactus ransomware gang

Security Affairs reports that the Cactus ransomware operation claims to have compromised the major Swedish grocery chain Coop and has warned that it will expose more than 21,000 directories containing personal data. ID cards were included in Cactus ransomware's initial leak of the 257 GB of stolen Coop data. The incident comes more than two years after Coop became the first to report being impacted by the Kaseya ransomware attack following a compromise of its third-party payment system software provider Visma.

Double extortion attacks have been the specialty of the Cactus ransomware gang since its emergence last March. The group identifies targets with the SoftPerfect Network Scanner (netscan) tool and conducts endpoint enumeration via PowerShell commands. Aside from using the open-source PSnmap tool, Cactus ransomware has also been reported to use AnyDesk and other legitimate tools for remote compromise, as well as the Chisel proxy tool, Cobalt Strike, and the TotalExec PowerShell script in its attacks.
