Daily Threat Intelligence Cybersecurity News November 23 2022
Updated: Nov 26, 2022
The stealer-as-a-service business model has grown exponentially as researchers spotted multiple Russian hacking groups that stole over 50 million passwords in the first seven months of the year. LockBit 3.0 seems to be an unstoppable force as it claimed credit for an attack against a Canadian town. In other news, internal messages belonging to the Yanluowang group were released, leading researchers to an interesting discovery. To find out what it was, read through the top 10 highlights.
Group-IB found that at least 34 unique Russian-speaking threat actors have stolen 50,350,000 account passwords from 896,000 infections from January to July.
LockBit 3.0 claimed responsibility for the ransomware attack against municipal services in Westmount, Quebec, and set a ransom payment deadline of December 4.
Pro-Russian hacking group Killnet has been targeting the U.K.'s Royal Family websites with DDoS attacks for the past few days.
The Smith Family, an Australian children’s charity, suffered a cyberattack that exposed the personal information and credit card details of 80,000 donors.
The Home Trust Mortgage company gave notice of a ransomware attack on its networks, affecting 1.5GB of clients' personal information.
U.S. government-sponsored news outlet Radio Free Asia suffered a data breach that leaked the SSNs, passport numbers, financial information, and other personal data of 4,000 people.
Trellix investigated around 3,000 leaked internal messages belonging to the Yanluowang ransomware group and discovered that the group was run by Russian-speaking hackers, despite the Chinese moniker.
CERT-NZ recorded a whopping loss of $9 million due to online fraud, in just three months. Twelve victims lost $100,000 each to elaborate scams.
WithSecure researchers observed the Vietnam-based Ducktail info-stealer targeting organizations operating on Facebook’s Business/Ads platform to hijack their accounts.
BleepingComputer found that the Donut extortion group has resorted to deploying ransomware in double-extortion attacks against organizations.