Hive claims ransomware attack on Tata Power, begins leaking data
"Hive ransomware group has claimed responsibility for a cyber attack disclosed by Tata Power this month.
A subsidiary of the multinational conglomerate Tata Group, Tata Power is India's largest integrated power company based in Mumbai.
In screenshots seen by BleepingComputer, Hive operators are seen posting data they claim to have stolen from Tata Power, indicating that the ransom negotiations failed.
Hive begins leaking data allegedly stolen from Tata Power
As of a few hours ago, operators behind the Hive ransomware group are seen leaking data allegedly stolen from Tata Power on their leak site.
Cybersecurity analyst and researcher Dominic Alvieri tweeted about the development while tipping us off.
Another researcher, Rakesh Krishnan, shared screenshots of the stolen data, which appears to include Tata Power employees' personally identifiable information (PII), National ID (Aadhaar) card numbers, PAN (tax account) numbers, salary information, etc.
Additionally, the data dump contains engineering drawings, financial and banking records as well as client information, suggests Krishnan.
Hive operators claim that they encrypted Tata Power's data on October 3rd.
On Friday, October 14th, Tata Power disclosed a cyber attack on its "IT infrastructure impacting some of its IT systems" in a stock filing without sharing additional information with regard to the whereabouts of the threat actor.
"The Company has taken steps to retrieve and restore the systems. All critical operational systems are functioning; however, as a measure of abundant precaution, restricted access and preventive checks have been put in place for employee and customer facing portals and touch points," stated Tata Power's filing, signed by company secretary H.M. Mistry at the time.
Threat actors like extortion and ransomware groups typically begin leaking or selling data stolen from their targets should the target refuse to pay the ransom demand and subsequent negotiations fail.
Hive ransomware in review
The Hive ransomware gang is more active and aggressive than its leak site shows, with affiliates attacking an average of three companies every day since the operation became known in late June 2021.
The group is known to employ a diverse set of tactics, techniques, and procedures, which makes it difficult for organizations to defend against its attacks, as the FBI has earlier stated.
In September this year, Hive claimed to be behind the ransomware attacks on New York Racing Association, a Bell Canada subsidiary, as well as a New York-based emergency response and ambulance service provider.
Hive's attack last year on Memorial Health System led to the cancellation of surgical and diagnostic operations and to patient data theft..."
AX SHARMA
Ax Sharma is a Security Researcher and Tech Reporter. His works and expert analyses have frequently been featured by leading media outlets including BBC, Business Insider, Fortune, TechCrunch, The Register, and others. Ax's expertise lies in vulnerability research, malware analysis, and open source software. He's an active community member of OWASP Foundation and the British Association of Journalists (BAJ). Send any tips via email or Twitter DM.
Published: October 25, 2022, 04:49 AM