Security News

GSC Game World, the developer of the highly-anticipated 'STALKER 2: Heart of Chornobyl' game, warned their systems were breached, allowing threat actors to steal game assets during the attack. The Ukrainian game publisher says that a "Community from a Russian social network" was behind the attack and is blackmailing the company by threatening to release data for Stalker 2, which is expected to be released later this year.

A series of distributed-denial-of-service attacks shut down nine Danish hospitals' websites for a few hours on Sunday, but did not have any life-threatening impact on the medical centers' operations or digital infrastructure. "Region H the hospitals' websites are down," it read, in Danish.

A series of distributed denial-of-service attacks shut down seven German airports' websites on Thursday, a day after a major IT glitch at Lufthansa grounded flights. Ralph Beisel, the general manager of Germany's ADV airport association, confirmed the network-flooding events in an emailed statement to The Register, but did not specify which airports were hit.

New research has linked the operations of a politically motivated hacktivist group known as Moses Staff to another nascent threat actor named Abraham's Ax that emerged in November 2022. The geopolitical group is believed to be sponsored by the Iranian government and has since been linked to a string of espionage and sabotage attacks that make use of tools like StrifeWater RAT and open source utilities such as DiskCryptor to harvest sensitive information and lock victim data on infected hosts.

The website of the European Parliament has been taken down following a DDoS attack claimed by a pro-Russia group of hacktivists calling themselves Anonymous Russia. The Director General for Communication and Spokesperson of the European Parliament, Jaume Dauch, also stated after the website went down that the outage was caused by an ongoing DDoS attack.

The Ukrainian CERT has uncovered an attack campaign aimed at compromising Ukrainian organizations and irretrievably encrypting their files. To do that, they are leveraging a specific version of the Somnia ransomware that, "According to the attackers' theoretical plan, does not provide for the possibility of data decryption."

Russian hacktivists have infected multiple organizations in Ukraine with a new ransomware strain called 'Somnia,' encrypting their systems and causing operational problems. The group previously disclosed creating the Somnia ransomware on Telegram and even posted evidence of attacks against tank producers in Ukraine.

While the FBI alert doesn't name said hacktivists in its latest cyber squad notification [PDF] for private industry, the Feds may be talking about Killnet, a "Relatively unsophisticated" gang whose "Nuisance-level DDoS attacks" don't live up to its rhetoric, according to security researchers. These attacks are generally opportunistic in nature and, with DDoS mitigation steps, have minimal operational impact on victims; however, hacktivists will often publicize and exaggerate the severity of the attacks on social media.

The Federal Bureau of Investigation said on Friday that distributed denial-of-service attacks coordinated by hacktivist groups have a minor impact on the services they target. "Coinciding with the Russian invasion of Ukraine, the FBI is aware of Pro-Russian hacktivist groups employing DDoS attacks to target critical infrastructure companies with limited success," the agency said.

Iran's Atomic Energy Organization has laughed off claims that the email systems of a subsidiary were compromised, revealing important operational data about a nuclear power plant. An activist group that calls itself Black Reward and claims to be from Iran took to Telegram last Friday with claims it had accessed an email server run by a company related to Iran's Atomic Energy Organization and exfiltrated 324 inboxes comprising over 100,000 messages and totalling over 50G of files.