SecurityWeek reports that U.K. water provider South Staffordshire has been hit by a Cl0p ransomware attack, but the ransomware gang has claimed to have breached Thames Water, which is the largest water and wastewater firm in the U.K., on its leak site.
Despite naming Thames Water as its victim, Cl0p ransomware has posted files from South Staffordshire as proof of the attack. Files from South Staffs Water, a subsidiary of South Staffordshire, have also been leaked by Cl0p.
Thames Water has denied being impacted by a ransomware attack but South Staffordshire confirmed that while its corporate IT network was disrupted by the intrusion, water supply has not been affected.
Cl0p ransomware claimed that it was able to exfiltrate more than 5TB of data from its victim after compromising its supervisory control and data acquisition system and other systems, with Cl0p posting screenshots relating to its victim's human-machine interface systems.
The legitimacy of the screenshots has been vouched by Radiflow CEO Ilan Barda.
"... [W]hen an attacker gains access to such an internal OT computer they can also install a hidden malware that will further spread in the internal OT network and might eventually reach assets in which it can cause real damage," Barda added.
The Philippine Health Insurance Corporation, which manages the country's universal healthcare system, had its websites and portals disrupted by a Medusa ransomware attack last week, from which it is struggling to recover, reports The Record, a news site by cybersecurity firm Recorded Future.
Japanese multinational conglomerate Sony has begun an investigation into an alleged cyberattack, which was reported to have resulted in the exposure of 3.14 GB of data in hacking forums, amid the emergence of different attackers claiming to be behind the hack, according to BleepingComputer.
Threat actors have leveraged the ZeroFont phishing attack technique, which initially involved the insertion of hidden characters or words in emails to evade security detection systems, to modify message previews as shown on Microsoft Outlook and other email clients, BleepingComputer reports.