Friday 13th January 2023
Cyber Threat Intelligence Weekly Update: 13th January 2023
Key Issue: Royal Mail compromised using LockBit ransomware, disrupting its operations
Cybercriminals: Continued exploitation of Python Package Index to deliver malware
Nation-State: Russian state-backed Callisto group targets US nuclear research labs
Hacktivists: Target organisations perceived to support either side in Ukrainian conflict
Royal Mail compromised using LockBit ransomware, disrupting its operations
This week we reported on the compromise of Royal Mail with LockBit ransomware. The compromise halted all international shipping services and caused ransom notes claiming to be from the LockBit Ransomware–as–a–Service group to be printed on printers used for custom dockets. While these details suggest that LockBit affiliates were responsible, the group’s public representative has stated that the group did not target Royal Mail and that the compromise was likely conducted by a threat actor using LockBit’s builder after it was leaked in 2022. It is possible that another threat actor used LockBit’s ransomware with no intention of negotiating with Royal Mail, making this a purely disruptive operation.
The compromise may be an attempt by another threat actor to damage the group’s reputation or another less sophisticated group taking advantage of LockBit’s leaked tooling. LockBit recently faced criticism after one of its affiliates compromised a children’s hospital in Toronto, prompting the group to provide the hospital with a decryptor and issue a public apology. As Royal Mail is such a high–profile target, LockBit’s involvement would likely draw further public scrutiny, therefore making operation less likely to be the group’s responsibility, particularly due to the lack of financial motive.
Subscribe below to receive the full version.
Get our latest cyber intelligence insights straight into your inbox
Fill out the short form below to subscribe to our newsletter so that you never miss out on
our cyber intelligence insights and news.