Cyber News Rundown: Taiwanese government sites beset in waves of DDoS attacks
Many Taiwanese government sites were targeted by DDoS attacks in the wake of a visit from top U.S. government officials. Originating from IPs in Russia and China, the attacks were quickly squashed. In other cybersecurity news, European missile makers MBDA suffered a breach from a stolen hard drive.
Energy provider Creos Luxembourg S.A. released a public statement in July about an intrusion into its internal network by the BlackCat ransomware group. The investigation confirmed that the attackers exfiltrated data, though it is unclear whether the figures claimed on the BlackCat leak site are accurate. The group is known for targeting large corporations and drawing the attention of international law enforcement, which has led it to rebrand several times over the last few years.
Following a visit to Taiwan by senior US government officials, many Taiwanese government sites were hit with DDoS attacks that took them offline under the traffic volume. The attacks were short-lived, and officials traced them to IP addresses in Russia and China, which matched the threats China had made over the visit. Source addresses alone are a weak attribution signal, though: DDoS traffic is routinely spoofed or relayed through botnets and rented hosts in third countries. Whether these attacks are the opening move in a broader campaign remains to be seen.
Researchers monitoring the latest version of LockBit ransomware report that its affiliates now download a Cobalt Strike payload to the compromised device and launch it through MpCmdRun.exe, the Windows Defender command-line utility. The technique is DLL side-loading: a legitimate, Microsoft-signed copy of MpCmdRun.exe is placed in a directory of the attacker's choosing alongside a malicious mpclient.dll, which the utility loads by name; the rogue DLL then decrypts and runs the Cobalt Strike beacon. Abusing trusted utilities this way is becoming a norm for LockBit; the previous version side-loaded the beacon through VMwareXferlogs.exe, a logging utility shipped with VMware Tools. The danger is that these signed binaries are already present and allow-listed in many large organizations, so the loader inherits their trust and slips past controls that key on the executable alone, which could make Cobalt Strike intrusions considerably harder to spot and to contain. The check that catches it is not whether MpCmdRun.exe ran, but where it ran from and which DLL it loaded.
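As an added example (not code from the original article or from the researchers it cites), the following Python applies that check to Sysmon image-load records (Event ID 7, whose Image, ImageLoaded and Signed fields are used here). It flags the side-loading pattern three ways: the host binary running outside its install directory, its companion DLL loaded from somewhere other than that directory, and that DLL being unsigned. The list of legitimate install directories and the sample events are constructed assumptions; tailor the directories to your own fleet.

```python
"""Flag DLL side-loading through signed Windows utilities in Sysmon-style image-load events."""
import ntpath  # Windows path semantics even when run on Linux/macOS

# Assumed legitimate install directories for each host binary (lower-case, no trailing
# backslash). Subdirectories count, which covers Defender's versioned Platform folders.
EXPECTED_DIRS = {
    "mpcmdrun.exe": (
        r"c:\program files\windows defender",
        r"c:\programdata\microsoft\windows defender\platform",
    ),
    "vmwarexferlogs.exe": (r"c:\program files\vmware\vmware tools",),
}

# DLL each host binary loads by name. An attacker relocates the signed EXE and drops a
# malicious DLL of that name beside it so the loader's search order picks it up first.
SIDELOAD_DLLS = {
    "mpcmdrun.exe": "mpclient.dll",
    "vmwarexferlogs.exe": "glib-2.0.dll",
}


def _in_expected_dir(path, expected_dirs):
    """True if the file's directory is one of expected_dirs or nested below one of them."""
    d = ntpath.dirname(path).lower().rstrip("\\")
    return any(d == e or d.startswith(e + "\\") for e in expected_dirs)


def analyze_image_load(event):
    """Return a list of findings for one image-load event; empty means nothing suspicious."""
    image, loaded = event["Image"], event["ImageLoaded"]
    exe = ntpath.basename(image).lower()
    if exe not in SIDELOAD_DLLS:
        return []  # not one of the host binaries we care about
    expected = EXPECTED_DIRS[exe]
    findings = []
    if not _in_expected_dir(image, expected):
        findings.append(f"{exe} running outside its install directory: {image}")
    dll = ntpath.basename(loaded).lower()
    if dll == SIDELOAD_DLLS[exe]:
        if not _in_expected_dir(loaded, expected):
            findings.append(f"{exe} loaded {dll} from an unexpected path: {loaded}")
        if event.get("Signed", "true").lower() != "true":
            findings.append(f"{dll} loaded by {exe} is unsigned")
    return findings


def scan(events):
    """Run analyze_image_load over a sequence of events; return (index, findings) for hits."""
    hits = []
    for i, event in enumerate(events):
        findings = analyze_image_load(event)
        if findings:
            hits.append((i, findings))
    return hits


# Constructed sample events (not real telemetry): two benign loads, two side-loads, one
# unrelated process, and a benign load from a versioned Defender Platform directory.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "ImageLoaded": r"C:\Program Files\Windows Defender\mpclient.dll", "Signed": "true"},
    {"Image": r"C:\Users\Public\MpCmdRun.exe",
     "ImageLoaded": r"C:\Users\Public\mpclient.dll", "Signed": "false"},
    {"Image": r"C:\Program Files\VMware\VMware Tools\VMwareXferlogs.exe",
     "ImageLoaded": r"C:\Program Files\VMware\VMware Tools\glib-2.0.dll", "Signed": "true"},
    {"Image": r"C:\Temp\VMwareXferlogs.exe",
     "ImageLoaded": r"C:\Temp\glib-2.0.dll", "Signed": "false"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\ntdll.dll", "Signed": "true"},
    {"Image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe",
     "ImageLoaded": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\mpclient.dll",
     "Signed": "true"},
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_EVENTS):
        print(f"event {index}:")
        for finding in findings:
            print(f"  - {finding}")
```

The path check is the load-bearing part: a real MpCmdRun.exe is signed and hashes clean, so signature and hash rules on the executable never fire. Events 1 and 3 each produce three findings; the rest produce none.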
Over the weekend, Semikron, one of Europe's largest power electronics manufacturers, fell victim to a ransomware attack by the LV group that encrypted a sizable portion of its network. The ransom note left on the encrypted machines claimed that 2TB of data had been taken and would be leaked if the demanded ransom was not paid. Semikron promptly notified the authorities and began restoring services to limit further disruption for its customers.
The European missile maker MBDA has released a press statement denying hacking groups' claims that its internal systems were breached, while confirming that an external hard drive was stolen. The drive is believed to have held 60GB of files, including military project documents and other sensitive client material, which has since been leaked online after MBDA refused to meet the group's demands.