Cyber Threats Update: Ransomware Attacks, Anonymous Sudan, NoName & more

Ransomware Attacks and Victims

ALPHV:

• ALPHV ransomware group added Coteccons Group to their victim list. They claims to have access to Financial and accounting docs, Invoices and contracts with customers and partners, Personal info, etc. (Vietnam)
• ALPHV ransomware group added Willamette Falls Paper Company to their victim list. They claims to have published 100GB of company data in their dark web portal. (USA)
• ALPHV ransomware group added Constellation Software Inc to their victim list. They claims to have access to 1TB of company data. (Canada)
• ALPHV ransomware group added KDDI Indonesia, a subsidiary of KDDI Corporation based in Japan, to their victim list. They claims to have access to employees personal info, Financial and accounting info, Passport data and fingerprints, etc. (Japan)
• ALPHV ransomware group added Axure Software Solutions to their victim list. They claims to have access to Personal data, Banking and financial records, Insurance data, Product source codes and databases, etc. (USA)
• ALPHV ransomware group added Essen Medical Associates PC to their victim list. They claims to have access to more than 3 TB of organizations data. (USA)
• ALPHV ransomware group added Grupo Cativa (https://grupocativa.com.br) to their victims list. They claims to have access to Financial and accounting docs, Logistics docs, Confidential docs, Contracts, Databases, etc. (Brazil)

Akira:

• Akira ransomware group added Garcia Hamilton & Associates, LP to their victims list. They claims to have access to customer info, financial info, etc. (USA)
• Akira ransomware group added The Mitchell Partnership Inc., a mechanical building services consulting engineering practice based out of Toronto, to their victim list. (Canada)
• Akira ransomware group added New World Travel, Inc. to their victims list. (USA)
• Akira ransomware group added The Perry Law Firm to their victim list. (USA)
• Akira ransomware group added The Lab Consulting to their victim list. (USA)

BianLian:

• BianLian ransomware group added 5 unknown victims based out of the United States (3), Canada (1) and India (1). Also the victims are operating in various industries like pharmaceutical, manufacturing, transportation, healthcare and legal.

BlackBasta:

• BlackBasta ransomware group added Forest Ridge (https://forestridge.com) to their victims list. They claims to have published the company data in their dark web portal. (USA)
• BlackBasta ransomware group added Carrington Group (https://carrington.ca) to their victims list. They claims to have published the company data in their dark web portal. (Canada)

BlackByte:

• BlackByte ransomware group added PSMM Monitoring & More (https://psmm.pl) to their victims list. (Poland)

LockBit:

• LockBit ransomware group added Layher, Inc. (https://layherna.com) to their victim list. They claims to publish the company data on May 10, 2023. (USA)
• LockBit ransomware group added Joyson Safety Systems (https://joysonsafety.com) to their victim list. They claims to have access to 20TB of company data and to publish the company data on May 11, 2023. (USA)

Royal:

• Royal ransomware group added Meade Tractor (https://meadetractor.com) to their victim list. Earlier the company was a victim to BlackBasta ransomware group. (USA)

Trigona:

• Trigona ransomware group added Treadwell, Tamplin & Co (https://ttccpa.com) to their victim list. (USA)

NoName057(16) Targeted France(4), Sweden(5) & Poland(1) Websites:

- Website of the French Senate.

- Dares, Ministry of Labor of France.

- National Center for Space Research of France.

- Website of the French defense company, Naval Group.

- Service for selling tickets for public transport SL Access card in Sweden.

- Website of Sn?llt?get, Sweden.

- The website of Jernhusen AB, Sweden.

- Swedish portal with the train schedule.

- Swedish public transport service - train and bus schedules.

- Website of the Opole Voivodeship, Poland. Link to Tweet.

Anonymous Sudan Targeted UAE (15) & Israel (1) Websites:

- Ministry of Interior, UAE

- Dubai Police

- Abu Dhabi Police

- Ministry of Health and Prevention, UAE

- Ministry of Education, UAE

- Dubai Municipality

- Abu Dhabi City Municipality

- Ministry of Foreign Affairs and International Cooperation, UAE

- Federal Authority for Identity and Citizenship, UAE

- Dubai Electricity and Water Authority

- Abu Dhabi Distribution Company

- Federal Tax Authority , UAE

- Abu Dhabi National Oil Company

- Dubai Airports

- The UAE Government portal

- Maariv News, Israel. Link to Tweet.

SiegedSec Allegedly Claims the Hack of tesda.gov.ph

SiegedSec hackers group claimed to have hacked into Technical Education And Skills Development Authority (https://tesda.gov.ph) in Philippines and to have accessed more than 400GB of organizations data. Link to Tweet.

Cinoshi, An all-in-one Malware Platform

Cinoshi: a powerful all-in-one malware platform. It combines clipper, stealer, botnet, and cryptominer services in a single panel. Promoted by its owners with free features. Targets popular messaging apps, browsers, and over 35 crypto wallets. Beware of its ability to steal sessions, cards, cookies, and credentials. Supports Bitcoin, Litecoin, Ethereum, and more. A dangerous tool for cybercriminals to exploit digital assets and personal data. Link to Tweet.

Follow us on twitter (twitter.com/FalconFeedsio) for real time updates and request early access to visit?falconfeeds.io.