CyberScoop reports that experts believe the LockBit ransomware operation, which just threatened to leak data stolen from U.K. shipping service Royal Mail, could be the next takedown target for law enforcement agencies following the disruption of the Hive ransomware gang.
Recent high-profile attacks by LockBit, including an affiliate's attack on the Hospital for Sick Children in Toronto, could have raised its profile with law enforcement entities around the world, which have agreed to crack down on ransomware operators, according to Emsisoft threat analyst Brett Callow.
"I wouldn't be at all surprised to discover that LockBit's operation had been subject to a Hive-like infiltration. Law enforcement agencies are getting better and better at counter-ransomware operations and every arrest they make and every bit of intel they collect helps them take action against other groups and individuals," said Callow.
Recorded Future intelligence analyst Allan Liska also expects significant action against LockBit.
"You can't be this big for this long as a [ransomware-as-a-service] group without attracting a lot of unwanted attention," Liska added.
Operations of California's Solano Partner Libraries and St. Helena, or SPLASH, continue to be interrupted weeks after the county's library network was targeted by a ransomware attack earlier this month, StateScoop reports.
Threat actors could obtain several rootkit-like capabilities, including file and process concealment and compromised prefetch file analysis, by exploiting vulnerabilities in Windows' DOS-to-NT path conversion process, reports The Hacker News.
Open-source DevOps software project GitLab has also been impacted by the same security issue in GitHub comments that threat actors have exploited through Microsoft repository-linked URLs to distribute malware made to appear to originate from credible entities' official source code repositories, according to BleepingComputer.