Chilean telecom giant GTD hit by the Rorschach ransomware gang
On the morning of October 23rd, GTD suffered a cyberattack that impacted numerous services, including its data centers, internet access, and Voice-over-IP. "We understand the importance of proactive and fluid communication in the face of incidents in accordance with what we previously discussed on the phone, I would like to inform you that we are experiencing a partial impact on services as a result of a cybersecurity incident," reads a GTD security incident notification.
Today, Chile's Computer Security Incident Response Team confirmed that GTD suffered a ransomware attack.
"The Computer Security Incident Response Team of the Ministry of the Interior and Public Security was notified by the company GTD about a ransomware that affected part of its IaaS platforms during the morning of Monday, October 23," reads a machine-translated statement on the CSIRT website.
While CSIRT has not disclosed the name of the ransomware operation behind the attack on GTD, BleepingComputer has learned that it involved the Rorschach ransomware variant, previously seen in an attack on a US company.
In a report on the GTD attack seen by BleepingComputer, the threat actors are utilizing DLL sideloading vulnerabilities in legitimate Trend Micro, BitDefender, and Cortex XDR executables to load a malicious DLL. This DLL is the Rorschach injector, which will inject a ransomware payload called "Config[.]ini" into a Notepad process.
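The chain described above (a legitimate security-vendor executable loading a malicious DLL, followed by injection into Notepad) can be hunted for by correlating image-load and remote-thread telemetry. The following detection logic is an added example, not taken from the report or from BleepingComputer. It assumes the legitimate executable runs from outside its normal install directory and that the injection is visible as a remote-thread event; all paths, file names and PIDs are constructed placeholders.

```python
# Added example: events are constructed, simplified records modelled on
# Sysmon Event ID 7 (ImageLoad) and Event ID 8 (CreateRemoteThread).
from ntpath import basename, dirname  # Windows path rules on any OS

# Assumption: security products are legitimately installed under these roots.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

# Constructed sample telemetry; file names and PIDs are placeholders.
EVENTS = [
    {"id": 7, "pid": 900, "Image": r"C:\Program Files\Vendor\vendor_tool.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\helper.dll", "Signed": True},
    {"id": 8, "pid": 900, "TargetImage": r"C:\Windows\System32\notepad.exe"},
    {"id": 7, "pid": 4120, "Image": r"C:\Users\Public\vendor_tool.exe",
     "ImageLoaded": r"C:\Users\Public\helper.dll", "Signed": False},
    {"id": 8, "pid": 4120, "TargetImage": r"C:\Windows\System32\notepad.exe"},
]


def is_suspect_load(ev):
    """Unsigned DLL loaded from the EXE's own folder, outside trusted roots."""
    exe_dir = dirname(ev["Image"]).lower() + "\\"
    dll_dir = dirname(ev["ImageLoaded"]).lower() + "\\"
    return (not ev["Signed"] and dll_dir == exe_dir
            and not exe_dir.startswith(TRUSTED_ROOTS))


def detect(events):
    """Alert when a process with a suspect DLL load later injects into Notepad."""
    suspects = {}  # pid -> path of the suspect DLL
    alerts = []
    for ev in events:
        if ev["id"] == 7 and is_suspect_load(ev):
            suspects[ev["pid"]] = ev["ImageLoaded"]
        elif (ev["id"] == 8 and ev["pid"] in suspects
              and basename(ev["TargetImage"]).lower() == "notepad.exe"):
            alerts.append((ev["pid"], suspects[ev["pid"]], ev["TargetImage"]))
    return alerts


if __name__ == "__main__":
    for pid, dll, target in detect(EVENTS):
        print(f"ALERT pid={pid} sideloaded {dll}, then created a remote thread in {target}")
```

Requiring both signals from the same process keeps a vendor binary that loads its own signed DLL from its install directory from raising an alert on its own.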