BleepingComputer reports that numerous organizations in Ukraine are having their systems encrypted with the novel Somnia ransomware, which the Computer Emergency Response Team of Ukraine (CERT-UA) has attributed to the Russian hacktivist operation From Russia with Love (FRwL), also known as Z-Team and UAC-0118.
Fraudulent websites impersonating the "Advanced IP Scanner" software are being used by FRwL to lure employees of Ukrainian organizations into downloading an installer that infects them with the Vidar stealer, according to CERT-UA.
Vidar exfiltrates the targets' Telegram session data, which the attackers then use to take over the Telegram accounts and steal VPN connection data. They then deliver Cobalt Strike, exfiltrate data, and use AnyDesk, Ngrok, Rclone, and Netscan for remote access and surveillance. This approach was used to deploy the Somnia ransomware, which targets archives, documents, images, video files, and databases.
With Somnia ransomware not seeking ransom payments, BleepingComputer notes that it should be regarded as a data wiper instead.
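The post-compromise tooling named above (AnyDesk, Ngrok, Rclone, Netscan) is a practical detection hook: each tool on its own is common in enterprises, but several of them first appearing on one host within a short window is not. The following is an added example, not code from the SC Media, BleepingComputer or CERT-UA reporting, that correlates constructed process-creation events per host; the log format, host names and paths are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample process-creation events (not real telemetry).
# Format per line: ISO timestamp | hostname | executed image path
SAMPLE_EVENTS = """\
2022-11-10T09:01:12|WS-17|C:\\Users\\a\\Downloads\\Advanced_IP_Scanner_setup.exe
2022-11-10T09:03:40|WS-17|C:\\Users\\a\\AppData\\Local\\Temp\\update.exe
2022-11-10T11:20:05|WS-17|C:\\ProgramData\\AnyDesk.exe
2022-11-10T11:25:51|WS-17|C:\\ProgramData\\ngrok.exe
2022-11-10T11:40:00|WS-17|C:\\ProgramData\\rclone.exe
2022-11-10T11:41:13|WS-17|C:\\ProgramData\\netscan.exe
2022-11-10T08:15:00|SRV-02|C:\\Program Files\\AnyDesk\\AnyDesk.exe
2022-11-11T14:00:00|SRV-02|C:\\Tools\\rclone.exe
"""

# Tools the reported intrusion chain uses after Cobalt Strike. Each alone is
# often legitimate, so alert only on a cluster of them on one host.
TOOL_PATTERNS = {
    "anydesk": re.compile(r"anydesk", re.I),
    "ngrok": re.compile(r"ngrok", re.I),
    "rclone": re.compile(r"rclone", re.I),
    "netscan": re.compile(r"netscan", re.I),
}

def parse_events(text):
    """Parse the pipe-delimited log into (timestamp, host, image) tuples."""
    events = []
    for line in text.splitlines():
        ts, host, image = line.split("|", 2)
        events.append((datetime.fromisoformat(ts), host, image))
    return events

def find_tool_clusters(events, window=timedelta(hours=2), min_tools=3):
    """Return {host: sorted tool names} for every host on which at least
    `min_tools` distinct tools from TOOL_PATTERNS ran within `window`."""
    per_host = defaultdict(list)
    for ts, host, image in events:
        for name, pattern in TOOL_PATTERNS.items():
            if pattern.search(image):
                per_host[host].append((ts, name))
    hits = {}
    for host, seen in per_host.items():
        seen.sort()  # chronological, so each start anchors a sliding window
        for i, (start, _) in enumerate(seen):
            names = {n for t, n in seen[i:] if t - start <= window}
            if len(names) >= min_tools:
                hits[host] = sorted(names)
                break
    return hits
```

Running `find_tool_clusters(parse_events(SAMPLE_EVENTS))` flags WS-17 only; SRV-02 sees two of the tools more than a day apart, which stays below the threshold.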
Vulnerabilities impacting cloud analytics and business intelligence software Qlik Sense have been exploited to facilitate the deployment of CACTUS ransomware in a new campaign, The Hacker News reports.
Staples cyberattack disrupts online orders
BleepingComputer reports that outages at the American office supply retail chain that disrupted online orders were confirmed to have been caused by a cyberattack.