Following a series of high-profile attacks over the last year, the main website for the REvil ransomware group has been taken offline, though it is still unclear whether the site was taken down purposefully or whether law enforcement was involved. The group behind REvil was responsible for multiple cyberattacks in recent years as well as the latest breach of Kaseya, both of which brought international attention and response to the growing ransomware epidemic. It is likely that the group will return to the ransomware business soon under a different name, as seems to be the trend with groups that gain too much notoriety.
Iranian train services hacked
Late last week, Iranian officials were bombarded with complaint calls directed to them as a result of a cyberattack on the national train services. The attack on the train network caused delays and issues with ticket processing, which drove further calls to the supposed technical support line and instead left the office of the Supreme Leader with a hefty call backlog. Officials for the railway service have since confirmed that their systems are back to normal operation and that no customer information was compromised.
Spanish police arrest multiple banking trojan operators
Spanish national police have recently arrested 16 individuals involved in the recent expansion of Brazilian-based banking trojans to European countries, which resulted in illicit access to bank accounts containing millions of euros. The banking trojans were capable of identifying credentials for upwards of 30 different banks on the victim’s device, and typically restarted the device several times upon finding a proper credential match. This forced the user to stop using the device while the attackers started transferring funds out of the account.
Mint Mobile suffers data breach
Officials for Mint Mobile have confirmed that a select number of customers had their sensitive information compromised when an unknown party breached their network in June and moved some customers’ phone numbers to a different mobile carrier. They have begun contacting the customers affected by the data breach, recommending that they update their login credentials and monitor their credit and financials for any fraudulent activity.
DarkSide ransomware targets Guess fashion
Following a DarkSide ransomware attack in February, officials for the Guess fashion brand have begun contacting the affected victims and informing them that their highly sensitive information had been stolen. It hasn’t been confirmed why the company waited almost 4 months to start notifying the victims, but they have agreed to offer credit and identity monitoring services to those affected for up to a year.