Kaseya says eight of its European customers hit by REvil ransomware attack
The affected organizations were based in the UK, the Netherlands, Germany, Sweden, Norway, and Italy.
The company said that while documents were encrypted, the hackers were able to obtain the decryption key due to the Accellion FTA vulnerability.
The group has been observed using new plugins and RAT families, such as DetaRAT, ReverseRAT, MargulasRAT and ActionRAT.
The operation targeted organizations from the Middle East, some of them related to the industrial sector.
Once the victim runs the attachment or downloads the fake Microsoft update, Cobalt Strike is installed on the system, providing the threat actors persistent remote access to the targeted machine.
The software vendor estimates that nearly 1,500 businesses have been affected by the recent REvil ransomware attack.
The attack was launched by a threat actor affiliated with the Russia-linked APT 29 hacking group.
CVE-2021-34527 includes both an RCE and an LPE vector that can be used by hackers to execute commands with SYSTEM privileges on vulnerable Windows systems.
The vulnerability affects PowerShell version 7.0 or 7.1 and has been fixed in versions 7.0.6 and 7.1.3, respectively.
Polish counter-intelligence said the attack was carried out as part of the Ghostwriter campaign that has targeted Polish politicians in recent months.