The Ntirety Weekly Threat Intelligence Report: December 30, 2024

Welcome to Ntirety's Threat Intelligence Summary, where our elite Security and Threat Response Team delivers critical insights and expert analysis. Each report highlights the most pressing cyber threats and vulnerabilities currently active, to educate and raise awareness among our partners, customers, and the broader community. Committed to securing mission-critical data, Ntirety's managed security services proactively monitor and combat these threats to ensure the safety of our customers.


Industry Breaches

  • American Addiction Centers: A September ransomware attack on American Addiction Centers exposed the sensitive healthcare information of more than 400,000 people. The company began mailing out breach notification letters ahead of the Christmas holiday, warning 422,424 people that Social Security numbers and health insurance information were among the data leaked during the attack.
  • Cyberhaven: An unidentified threat actor has compromised an administrative account of a data security startup, using it to distribute a malicious update for its Chrome browser extension. Swiss-founded security firm Cyberhaven said the hack occurred on Christmas and that the company removed the malicious package from the Chrome Web Store within 60 minutes of detection.
  • European Space Agency: The European Space Agency's official web shop was compromised to load a piece of JavaScript code that generates a fake Stripe payment page at checkout. With a budget over 10 billion euros, the mission of the European Space Agency (ESA) is to extend the limits of space activities by training astronauts and building rockets and satellites for exploring the mysteries of the universe.
  • Japan Airlines: Japan Airlines (JAL) stated that a “system malfunction” occurred due to a sudden surge in traffic on its network equipment used for data communication with external systems. Such attacks, known as distributed denial-of-service (DDoS) attacks, disrupt the normal operation of a website or server by overwhelming it with a flood of traffic from multiple sources.
  • Pittsburgh Regional Transit: Pittsburgh Regional Transit (PRT) said on Monday that it is “actively responding to a ransomware attack that was first detected on Thursday, December 19.” Law enforcement is involved in the response and an investigation has kicked off alongside cybersecurity experts.
  • Ukraine: A large-scale cyberattack believed to have been carried out by Russian hackers knocked most of Ukraine’s state registers offline, leaving citizens unable to access essential services linked to their digital records.

Threats to Watch:

  • BellaCPP: The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao. Russian cybersecurity company Kaspersky, which dubbed the new version BellaCPP, said it discovered the artifact as part of a recent investigation into a compromised machine in Asia that was also infected with the BellaCiao malware.
  • ColdFusion: Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept (PoC) exploit code. In an advisory released on Monday, the company says the flaw (tracked as CVE-2024-53961) is caused by a path traversal weakness that impacts Adobe ColdFusion versions 2023 and 2021 and can enable attackers to read arbitrary files on vulnerable servers.
  • FlowerStorm: A new Microsoft 365 phishing-as-a-service platform called "FlowerStorm" is growing in popularity, filling the void left behind by the sudden shutdown of the Rockstar2FA cybercrime service. First documented by Trustwave in late November 2024, Rockstar2FA operated as a PhaaS platform facilitating large-scale adversary-in-the-middle (AiTM) attacks targeting Microsoft 365 credentials. The service offered advanced evasion mechanisms, a user-friendly panel, and numerous phishing options, selling cybercriminals access for $200/two weeks.
  • NotLockBit: NotLockBit is a new and emerging ransomware family that actively mimics the behavior and tactics of the well-known LockBit ransomware. It distinguishes itself by being one of the first fully functional ransomware strains to target macOS and Windows systems. Distributed as an x86_64 golang binary, NotLockBit showcases a high degree of sophistication while maintaining compatibility with both operating systems, highlighting its cross-platform capabilities.
  • OtterCookie: North Korean threat actors are using new malware called OtterCookie in the Contagious Interview campaign that is targeting software developers. Contagious Interview has been active since at least December 2022, according to researchers at cybersecurity company Palo Alto Networks. The campaign targets software developers with fake job offers to deliver malware such as BeaverTail and InvisibleFerret.
  • Salt Typhoon: A White House official has added a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries. The Salt Typhoon Chinese cyber-espionage group who orchestrated these attacks (also tracked as Earth Estries, FamousSparrow, Ghost Emperor, and UNC2286) is known for breaching government entities and telecom companies throughout Southeast Asia and has been active since at least 2019.
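The ColdFusion item above describes a path traversal weakness that lets a request read files outside the web root. The following is an added illustration, not Adobe's code and not tied to the internals of CVE-2024-53961: a naive path join beside a hardened resolver, plus a detector that flags traversal sequences in constructed access-log lines. WEB_ROOT and the log lines are assumed values for the example.

```python
import os
import re
from urllib.parse import unquote

WEB_ROOT = "/srv/app/public"  # assumed document root for this illustration


def resolve_unsafe(requested: str) -> str:
    """Naive join: the shape of logic a path traversal weakness abuses."""
    return os.path.join(WEB_ROOT, requested)


def resolve_safe(requested: str):
    """Decode, normalise and confine the path to WEB_ROOT; None if it escapes."""
    decoded = unquote(unquote(requested))  # also catches double-encoded %252e
    if "\x00" in decoded:                  # NUL bytes can truncate paths in C libs
        return None
    decoded = decoded.replace("\\", "/").lstrip("/")
    candidate = os.path.normpath(os.path.join(WEB_ROOT, decoded))
    # In production use os.path.realpath so symlinks cannot point outside the root
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + os.sep):
        return None
    return candidate


# Raw and percent-encoded dot-dot segments commonly seen in traversal attempts
TRAVERSAL_RE = re.compile(r"\.\.[/\\]|%2e%2e|%252e|\.\.%2f", re.IGNORECASE)


def flag_requests(log_lines):
    """Return request targets from access-log lines that contain traversal sequences."""
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if m and TRAVERSAL_RE.search(m.group(1)):
            hits.append(m.group(1))
    return hits


SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '203.0.113.5 - - [30/Dec/2024:10:00:01 +0000] "GET /index.cfm HTTP/1.1" 200 512',
    '203.0.113.9 - - [30/Dec/2024:10:00:02 +0000] "GET /lookup?file=../../../etc/passwd HTTP/1.1" 200 1024',
    '203.0.113.9 - - [30/Dec/2024:10:00:03 +0000] "GET /lookup?file=%2e%2e%2f%2e%2e%2fwin.ini HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    print(resolve_unsafe("../../etc/passwd"), resolve_safe("../../etc/passwd"))
    print(flag_requests(SAMPLE_LOG))
```

The detector is a triage aid for access logs; the resolver is the control that actually stops the read.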


Concerned about the security of your network, systems, applications, or data? Given the ever-growing list of cyber threats, your concerns are justified.

For over 25 years, Ntirety has been at the forefront of helping organizations anticipate and stay protected from both known and emerging cyber threats. Contact us to discover how our proactive managed security services can strengthen your organization's security posture and provide peace of mind.

Get Started