Michigan-based McLaren Hospitals suffers INC Ransom ransomware attack
McLaren Health Care's IT and phone systems were disrupted by an attack linked to the INC Ransom ransomware operation.
McLaren, a nonprofit health care system with over 28,000 employees, operates 13 hospitals across Michigan and generates annual revenues exceeding $6.5 billion. The health system advised patients to bring detailed information about their medications to appointments, hinting at a loss of access to patient databases. McLaren apologized for the inconvenience, stating that some appointments and elective procedures might need to be rescheduled as a precaution.
Employees at McLaren Bay Region Hospital reported receiving a ransom note, indicating that the hospital's systems had been encrypted and that stolen data would be published if the ransom wasn't paid. INC Ransom is a ransomware-as-a-service (Raas) operation that emerged in July 2023 and has targeted organizations in various sectors, including health care, education, and government.
Minimal damage reported after ADT home security company suffers data breach
Home security systems company ADT Inc., with revenue of $4.98 billion in 2023, announced that attackers recently breached databases containing customer order information.
The company did not specify the exact date of the intrusion but stated it quickly took action to block unauthorized access and began investigating the incident with external cybersecurity experts. According to ADT, the attackers accessed limited customer information, including email addresses, phone numbers, and home addresses, but there is no evidence that home security systems or sensitive financial data were compromised.
ADT is still investigating the breach and has notified affected customers, who the company claims represent a small percentage of their overall subscriber base. The company believes the incident has not materially impacted its operations. The investigation is ongoing.
An unnamed South Asian media group attacked by Go-based backdoor
In November 2023, an unnamed South Asian media organization was targeted with a new Go-based backdoor called GoGra.
According to researchers, GoGra utilizes the Microsoft Graph API to communicate with a command-and-control server hosted on Microsoft mail services. The malware reads messages from an Outlook account with the username "FNU LNU," decrypts the contents using AES-256 in CBC mode, and executes commands via cmd.exe. The results are then encrypted and sent back to the same user.
This backdoor is attributed to the nation-state hacking group Harvester due to its similarities with another malware, Graphon. The trend of using legitimate cloud services for command and control is growing among threat actors, as evidenced by other malware families like Grager, MoonTag and Onedrivetools, the latter of which has been used against IT services companies in the U.S. and Europe to execute commands via the Graph API and save the output to OneDrive.
Ransomware attack strikes French cultural institution during 2024 Paris Olympics
The Grand Palais Réunion des musées nationaux (Rmn) in France experienced a ransomware attack.
This institution manages several major museums and cultural sites, including those hosting Olympic events like fencing and taekwondo. Despite the cyberattack, Olympic events proceeded without disruption, and the museums under Grand Palais Rmn's management continued normal operations.
However, the attack did cause temporary shutdowns of bookstores and boutiques, which were later restored to autonomous operation. French cybersecurity authorities are involved in investigating the incident, and no data breaches have been detected so far. The Paris prosecutor’s office has also launched an investigation into the attack.
Auckland, New Zealand VoIP firm Banx hit by Meow ransomware
The Meow ransomware gang allegedly attacked Banx Systems, a New Zealand VoIP and IT support company with an annual revenue of $5.4 million.
The group posted details of the attack on their darknet site, announcing a data pack containing over 15 GB of confidential information. The post claims that the stolen data includes client information, financial documents, and other confidential records.
The Meow gang is selling the data for either $35,000 to a single buyer or $12,000 to multiple buyers. This is the first attack by Meow in the ANZ region, though they have already claimed seven victims in August and 53 victims in total since their operation began in November 2023.