Cyber News Rundown: Arrests made in phishing campaign targeting Ukrainian citizens
Multiple computers, bank cards and thousands of dollars in cash were seized in connection with the arrests of 8 people accused of running a phishing campaign targeting Ukrainian citizens. In other cyber security news, close to 50,000 Android devices were infected with a banking malware named Xenomorph.
The Meyer Corporation, one of the largest cookware makers and distributors in the world, released the findings of an investigation following a ransomware attack. The cyberattack began on October 25, with Conti posting a list of the stolen information on their own leak site about two weeks later. Amongst the stolen data is a significant amount of highly sensitive information on thousands of employees across all of Meyer’s subsidiaries and holding companies. The company is offering up to a year of credit and identity monitoring for those affected.
The actors behind 40 phishing sites were taken into custody after a series of campaigns allowed them to drain the bank accounts of nearly 70,000 Ukrainian citizens. This group took a unique approach to phishing – they paid for social media and marketing to push out their initial hook, instead of running a mass email campaign. Following the arrests of the five individuals, police confiscated multiple computers, bank cards and thousands of dollars in cash.
Expeditors International shut down their systems after identifying a cyberattack in progress, hoping to limit the overall impact. While the company hasn’t confirmed if the attack was ransomware or just an intrusion into their systems, they have revealed that they are working on putting their backup protocols into effect. Customers are still unable to access the full extent of Expeditors International’s online services, as the company resecures their networks.
Upwards of 50,000 Android devices fell victim to a new banking malware named Xenomorph that was distributed through the Google Play Store. This new mobile malware specifically targets 56 banking and financial institutions across multiple countries in Europe, including Spain, Italy and Belgium. Researchers believe that it is a successor to the Alien banking trojan and uses some of the same code to perform similar operations, while disguising itself as a performance-boosting application to avoid detection.
A lawsuit was filed against a Seattle-based healthcare provider named Sea Mar that suffered a data breach in June of 2021 and exposed sensitive information on nearly 700,000 patients. Nearly 3TB of the stolen data was later posted on the Marketo group’s leak page, with information going back to 2020. The information includes Social Security numbers and HIPAA-protected information. The lawsuit claims that Sea Mar was negligent with the data it collected and stored, and that it exposed thousands of patients to the possibility of identity and credit fraud through its neglect.