Security News

An affiliate of the BlackCat ransomware group, also known as ALPHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems. In a statement today, the BlackCat ransomware group claims that it had been inside MGM's infrastructure since Friday and encrypted more than 100 ESXi hypervisors after the company took down the internal infrastructure.

The Auckland Transport transportation authority in New Zealand is dealing with a widespread outage caused by a cyber incident, impacting a wide range of customer services. In a statement given to local media outlet NZ Herald, a spokesperson for AT stated that they have indications they were targeted by ransomware but noted that investigations are still ongoing.

The United Kingdom's Greater Manchester Police said earlier today that some of its employees' personal information was impacted by a ransomware attack that hit a third-party supplier. The impacted organization, not named in a statement published today, is a service supplier for GMP and other organizations across the UK. GMP does not believe the data on the hacked systems contains financial information belonging to the police department's employees.

Your security solutions might stave off a LockBit infection, but you might still end up with encrypted files: according to Symantec's threat researchers, some affiliates are using the 3AM ransomware as a fallback option in case LockBit gets flagged and blocked. LockBit is a known ransomware family that has been unleashing havoc for quite some time now.

A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network. Researchers say in a report today that the new malware "has only been used in a limited fashion" and it was a ransomware affiliate's fallback when defense mechanisms blocked LockBit.

A new ransomware family called 3AM has emerged in the wild after it was detected in a single incident in which an unidentified affiliate deployed the strain following an unsuccessful attempt to deploy LockBit in the target network. "3AM is written in Rust and appears to be a completely new malware family," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.

A threat actor known for providing ransomware gangs with initial access to enterprise systems has been phishing employees via Microsoft Teams. Storm-0324 is a temporary name assigned by Microsoft to this particular threat actor and shows that the company has yet to reach high confidence about the origin or identity of the actor behind the operation.

Sri Lanka's Computer Emergency Readiness Team is currently investigating a ransomware attack on the government's cloud infrastructure that affected around 5,000 email accounts, it revealed on Tuesday. While a LinkedIn post from CERT cited cloud infrastructure, an alert uploaded to the organization's website on Monday specified that an attack was made on the government email system.

Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks. "In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file," Microsoft said on Tuesday.

Cybercrime crew BianLian claims to have broken into the IT systems of a top non-profit and stolen a ton of files, including what the miscreants claim is financial, health, and medical data. As highlighted by VX-Underground and Emsisoft threat analyst Brett Callow earlier today, BianLian bragged on its website it had hit an organization that, based on the gang's description of its unnamed victim, looks to be Save The Children International.