Cybersecurity News Updates: Ransomware Attacks, Data Breaches, Malware & more

Ransomware Attacks and Victims

ALPHV:

  • ALPHV ransomware group added Tony Clark Consulting to their victim list. (USA)
  • ALPHV ransomware group added EirMed Medical Devices, now a part of Trelleborg Healthcare & Medical, to their victim list. They claim to have access to 200GB of company data. (USA)
  • ALPHV ransomware group added Ambit Private Limited (https://ambit.co) to their victim list. They claim to have access to 500 GB of company data, and the samples include scans of Aadhaar cards, application forms, account statements, email, etc. (India)

Akira:

  • Akira ransomware group added BridgeValley Community & Technical to their victim list. (USA)
  • Akira ransomware group claimed to have leaked data from 2 of their victims, Alliance Sports Group and Pak-Rite, Ltd. (USA)

BianLian:

  • BianLian ransomware group added an unknown victim based in the United States to their darkweb portal.

MEDUSA:

  • Medusa ransomware group added The Alto Calore Servizi SpA, a company that manages the collection, supply and distribution of drinking water as well as the sewage and purification services in Italy, to their victim list. They claim they will publish the company data in 7 days. (Italy)
  • Medusa ransomware group added Polatyol Yapı San. ve Tic. A.Ş., a construction company based in Turkey, to their victim list. They claim they will publish the company data in 7 days. (Turkey)

Royal:

  • Royal ransomware group added EdisonLearning (https://edisonlearning.com) to their victim list. They claim to have access to 20 GB of the organization's data. (USA)
  • Royal ransomware group added Montana State University (https://montana.edu) to their victim list. They claim to have access to 105GB of the organization's data. (USA)
  • Royal ransomware group added Great Falls College, Montana State University (https://gfcmsu.edu) to their victim list. (USA)

RansomHouse:

  • RansomHouse ransomware group added AvidXchange, Inc. (https://avidxchange.com) to their darkweb feeds. (USA)

ViceSociety:

  • ViceSociety ransomware group added Brighton Hill Community School (https://brightonhill.hants.sch.uk) to their victim list. (UK)


Data Breaches

  • A user has claimed to have posted the database of https://BI.ZONE, a Russia-based cybersecurity company. Sberbank, VKontakte, Ozon, Norilsk Nickel, etc. are clients of the company. Link to Tweet.
  • LeakBase claims to have access to the control panel and various other data from https://nuritelecom.co.kr, as well as exporting all project attachments, etc. The claimed data has a size of 1GB. Link to Tweet.

NoName057(16) Targets

  • Portal of Security Service of Ukraine.
  • Portal of the National Academy of Security Services of Ukraine.
  • Portal of the Ministry of Energy of Ukraine.
  • Information portal of the city of Kyiv.
  • Portal of Bratstvo party.
  • Portal with the train schedule of the city of Kyiv.
  • Website of the Swedish armed forces.
  • Website of the Swedish Parliament. Link to Tweet.

Malware

Lumma - Info Stealer

Lumma is an information stealer built in C, sold as Malware-as-a-Service by LummaC on Russian-speaking underground forums and Telegram. Lumma's features are those of a traditional stealer, with a concentration on cryptocurrency wallets and file grabber capabilities. Link to Tweet.

Mystic Stealer

Mystic Stealer has appeared lately on the dark web and is gaining popularity due to aggressive advertising of its stealing powers. The malware gathers information on browsers, cold wallets added to browsers, files, system information, and screenshots. The server is written in Python, while the client is written in C. Link to Tweet.

Some active C2 panels:

https://95[.]216[.]32[.]74/login/?next=/

https://43[.]154[.]7[.]225/login/?next=/
