Cyber News Rundown: Arrests made in phishing campaign targeting Ukrainian citizens
Multiple computers, bank cards and thousands of dollars in cash were seized in connection with the arrests of 8 people accused of running a phishing campaign targeting Ukrainian citizens. In other cyber security news, close to 50,000 Android devices were infected with a banking malware named Xenomorph.
Conti ransomware targets global cookware distributor
The Meyer Corporation, one of the largest cookware makers and distributors in the world, released the findings of an investigation following a ransomware attack. The cyberattack began on October 25, with Conti posting a list of the stolen information on their own leak site about two weeks later. Amongst the stolen data is a significant amount of highly sensitive information on thousands of employees across all of Meyer’s subsidiaries and holding companies. The company is offering up to a year of credit and identity monitoring for those affected.
Major arrest of Ukrainian phishing group
The actors behind 40 phishing sites were taken into custody after a series of campaigns allowed them to drain the banking accounts of nearly 70,000 Ukrainian citizens. This group took a unique approach to phishing: they paid for social media and marketing to push out their initial hook, instead of a mass email campaign. Following the arrests of the five individuals, police confiscated multiple computers, bank cards and thousands of dollars in cash.
Expeditors International suffers security incident
Expeditors International shut down their systems after identifying a cyberattack in progress, hoping to limit the overall impact. While the company hasn’t confirmed if the attack was ransomware or just an intrusion into their systems, they have revealed that they are working on putting their backup protocols into effect. Customers are still unable to access the full extent of Expeditors International’s online services, as the company resecures their networks.
Xenomorph Android malware focusing on banking data
Upwards of 50,000 Android devices fell victim to a new banking malware named Xenomorph floating through the Google Play Store. This new mobile malware specifically targets 56 banking and financial institutions across multiple countries in Europe, including Spain, Italy and Belgium. Researchers believe that this is a successor to the Alien banking trojan and uses some of the same code to perform similar operations, while disguising itself as a performance-boosting application to avoid detection.
Lawsuit filed against Sea Mar for 2021 data breach
A lawsuit was filed against Sea Mar, a Seattle-based healthcare provider that suffered a data breach in June of 2021 that exposed sensitive information on nearly 700,000 patients. Nearly 3TB of the stolen data was later posted on the Marketo group’s leak page, with information going back to 2020. The info includes Social Security numbers and HIPAA-protected information. The lawsuit claims that Sea Mar was negligent with the data they collected and stored, and they exposed thousands of patients to the possibility of identity and credit fraud through their neglect.
A very interesting read, but what always goes through my mind is… What protection have they all been using, as whatever it is… clearly hasn’t helped, and that in turn… is another worry!
Always a good read. Often makes me angry that such scum exist in the world, but there will always be bad actors I guess. The new style of phishing really surprised me, as did the Ukrainian government actually being able to catch them during such a hard time for the country.
Webroot has to keep getting smarter to even stay even it seems.