Friday 24th March 2023

CTI Weekly: Ransomware group adds 53 companies to its leak site within 48 hours

Between March 22 and 24, the Clop ransomware group added 53 victims, mostly based in the United States, to its leak site, including Virgin Atlantic, Atos, and the City of Toronto. The campaign was likely facilitated by a flaw in Fortra’s GoAnywhere secure file transfer tool, which the group exploited to gain access to sensitive data from 130 organisations. Clop has gained notoriety for its high-impact double extortion techniques and has added 211 victims to its leak site in a short period. Organisations using the vulnerable GoAnywhere solution should patch their systems immediately to safeguard themselves from such cyber incidents.

 

Other news:

Russia:

Bad Magic targets Ukrainian sectors with PowerMagic and CommonMagic, while Anonymous Sudan sells Air France’s stolen data and lists several airlines as compromised.

 

Malicious Extensions:

A malicious version of a ChatGPT extension for Chrome with over 9,000 downloads compromises Facebook accounts, while a German and Korean advisory warns of Kimsuky using Google Chrome extensions and Android malware to steal emails.

Dark Web:

Pompompurin, the owner of the cybercriminal forum ‘Breach Forums,’ has been arrested by the FBI, prompting his successor to take the forum offline, while RansomHouse has added PLN, Indonesia’s largest state-owned electrical company, to their leak site.

 

 
