Monthly IntSum - May 2024

Our monthly IntSum report is a compilation of the most important and relevant news stories.

Our team of cybersecurity experts constantly monitors the latest threats and vulnerabilities from around the world to provide you with the most up-to-date information.


29th April - 3rd May: Ideologically Motivated Data Leakage

This week, our report highlighted two significant cyber incidents: the Belarusian Cyber Partisans' breach of the Belarusian KGB and Snatch Ransomware's leak of UK government officials' PII. The Belarusian Cyber Partisans, opposing President Lukashenko's regime, launched a Denial-of-Service attack and leaked a database with offers of collaboration, including those from foreign individuals. This response followed an update in Belarus' military doctrine allowing kinetic retaliation against cyber threats to critical infrastructure.

Meanwhile, Snatch Ransomware, known for its data theft and extortion activities, allegedly leaked the PII of UK government officials. This group recently issued a manifesto targeting government officials, blaming them for data breaches due to regulatory oversight.

These incidents underscore the publicity-seeking behavior of hacktivists and ransomware groups, highlighting the dual-edged nature of such exposure. While it can drive their agenda and force compliance with demands, it also attracts law enforcement attention. The unconventional moral posturing by Snatch Ransomware raises questions about their true motives, whether genuine or merely a strategic ploy.

6th May - 10th May: Russia’s APT28 targets European nations in long-running espionage campaigns

This week, our analyst team reported on the Russian nation-state group APT28's sophisticated intelligence-gathering campaigns targeting multiple European nations. APT28, linked to Russia's GRU, has a notable history of global espionage. Recently, Germany and Czechia accused Russia of prolonged espionage activities against political entities, state institutions, and critical infrastructure, exploiting CVE-2023-23397, a Microsoft Outlook vulnerability.

Following these attributions, the European Union, NATO, and international partners condemned Russia’s actions, highlighting the escalating risks of cyber activities. Polish sources also reported APT28’s recent espionage attempts using phishing emails and social engineering. These incidents reflect Russia's increasing cyber-based intelligence efforts and broader hostilities with Western states since the invasion of Ukraine in 2022. Observations of hybrid warfare tactics raise concerns about the potential spread of conflict and cyber threats to other European regions.

13th May - 17th May: IntelBroker claims responsibility for three large-scale data breaches, listing data for sale on a dark web forum


20th May - 24th May: Chinese Cyber Espionage efforts highlight the potential risk to UK Organisations

This week, our reports have unveiled several cyber espionage campaigns by Chinese state-backed threat actors, highlighting the sophisticated operations of a newly identified group, Unfading Sea Haze, which has been targeting governmental entities in the South China Sea since 2018. Demonstrating advanced tactics and operational adaptability, Unfading Sea Haze exemplifies the high-level capabilities of Chinese cyber actors. Additionally, security experts have reiterated concerns about the use of operational relay box (ORB) networks by Chinese actors, which facilitate detection evasion and complicate attribution. Notably, “Operation Diplomatic Specter” has seen Chinese-linked threat actors targeting government entities in the Middle East, Africa, and Asia since late 2022.

This reinforces warnings from cybersecurity officials in the UK and US about the growing risks posed by China's cyber espionage efforts. While current activities are primarily intelligence-gathering, there is a realistic potential for disruptive operations, increasing the long-term threat to Western entities.

27th May - 31st May: Pharmaceutical organisations targeted in data theft incidents

This week, we reported on a significant cyber incident involving Cencora, a leading US-based pharmaceutical company formerly known as AmerisourceBergen. The breach, which occurred in late February 2024, led to the theft of personally identifiable information (PII) and has now impacted at least eleven additional organisations, including major players like GlaxoSmithKline Group and Novartis Pharmaceuticals Corporation.

The fallout has extended to Johnson & Johnson via a breach of Cencora's division, Lash Group. Other notable incidents include a data breach at A&A Services (Sav-RX), affecting over 2.8 million individuals in the US, and a compromise at Canadian pharmaceutical company London Drugs, resulting in store closures and PII theft. These attacks highlight the growing trend of cybercriminals targeting Western medical and pharmaceutical entities, which hold vast amounts of sensitive data and are integral to critical services.

The Optum Solutions breach in February 2024, which disrupted US pharmacy operations and led to a $22 million ransom payment, exemplifies the heightened vulnerability and financial incentive driving these cyber threats. Consequently, pharmaceutical organisations remain prime targets for cybercriminals, who are emboldened by the lucrative potential of such breaches.


We are committed to keeping you informed and helping you stay ahead of the ever-evolving cybersecurity landscape.

By subscribing to our newsletter, you'll receive monthly updates on the latest trends and threats, in-depth analysis and expert commentary. With this information at your fingertips, you can better protect yourself and your organisation from potential cyber-attacks. Subscribe here.
