Cyber Threats Update: Ransomware Attacks, Anonymous Sudan, NoName & more

Ransomware attacks and their victims:

ALPHV:

• ALPHV ransomware group added Orion Corporation to their victim list. They claims to have access to 1TB of company data which includes employees documents, NDA, etc.
• ALPHV ransomware group further updated the thread on Sun Pharmaceutical Industries Ltd. They claims to have published another 2M lines of file listing in their darkweb portal.
• ALPHV ransomware group added Electrostim Medical Services, Inc to their victim list. They claims to access to 200GB of company data.
• ALPHV ransomware group added PM Medical Billing Corp to their victim list. They claims to have access to financial docs, insurance data, customer data, etc.

LockBit:

• LockBit ransomware group added ANCE (https://ance.org.mx), to their victim list. They claims to have access to 29.5GB of company data.
• LockBit ransomware group added Wings Global Travel (https://wings.travel) to their victim list. They claims to publish the company data on May 26, 2023.
• LockBit ransomware group added PlasticTecnic (https://plastictecnic.com) to their victim list. They claims to publish the company data on May 25, 2023.

PLAY:

• PLAY ransomware group added SOWITEC Group (https://sowitec.com) to their victim list. They claims to have access to employee docs, passports, budget, finance info, etc.

BlackByte:

• BlackByte ransomware group has added Magic Aire (https://magicaire.com) to their victim list. The provided sample contains tax documents, employee details, agreements, etc.

Stealers:

• White Snake stealer launched a new update.
• RAXNET Stealer is the name of a malicious application that is classified as a clipper. Because of the way they work, clippers are commonly used to steal cryptocurrency. A clipper, such as RAXNET Stealer, can monitor the infected system's clipboard. In this scenario, the goal is to intercept crypto wallet strings as they enter the clipboard. When a user is going to make a transaction to the wallet, it secretly replaces it with a wallet string belonging to the malware's operators. As a result, instead of carrying out their intended transaction, the victim unintentionally transfers the cryptocurrency amount to the hacker's?pocket.

Data Breach:

• A user has added the database of PERSI (Perhimpunan Rumah Sakit Seluruh Indonesia) to the hacker's forum, claiming that the data contains 13K files and 35 folders, including password, email, IP, and other data.

Link to Tweet.

Team insane pk:

• Team insane pk hackers group allegedly claims to have conducted a massive ddos attacks on 24 Indian government & private airport infrastructures.

Link to Tweet.

NoName Group Targeted:

• Website of the port of Helsinki
• Website of the national airport and air navigation service provider of Iceland, "Isavia"
• Website of the port of Finland, Naantali
• Website of the Danish port of Aarhus
• Website of a Kvarken port, Sweden
• Website of the Finnish port of Pori
• Website of the Finnish port of Hanko

Link to Tweet.

Anonymous Sudan:

• Anonymous Sudan hackers group claims to have targeted and taken down the website of Emirates National Oil Company, UAE.

Link to Tweet.

Follow us on twitter (twitter.com/FalconFeedsio) for real time updates and request early access to visit?falconfeeds.io.