Baker & Taylor, the world's largest distributor of books to libraries worldwide, confirmed it's still working on restoring systems after being hit by ransomware more than a week ago. With an annual revenue of $4.6 billion, the Charlotte, North Carolina-based firm currently services more than 5,000 public and academic libraries.
The Dominican Republic's Instituto Agrario Dominicano (IAD) has suffered a ransomware attack by the Quantum group. According to the ransom note, at least four physical servers and eight virtual servers with the databases, applications and emails were compromised.
The RansomEXX ransomware gang is claiming responsibility for the cyberattack against Bombardier Recreational Products (BRP), which was disclosed by the company on August 8, 2022.
Hydrox was first spotted by Twitter user Petrovich on July 29, 2022. On August 3, EnigmaSoft described this threat as a harmful malware that actually wipes users' data. This conclusion was made from a “ransom note” which didn’t actually contain any credentials or links for paying the ransom.
Multi-national tech conglomerate Cisco has confirmed that the Yanluowang ransomware gang breached its corporate network in late May, and that the group tried to extort them by threatening to leak stolen files online. The Yanluowang gang claims to have stolen 2.8 GB of data, consisting of approximately 3,100 files which Cisco has described as "not sensitive."
German electronics manufacturer Semikron has reported that they were hit by a ransomware attack. The LV ransomware group has claimed responsibility for this attack, and is threatening to leak 2 TB worth of stolen data if their ransom demands are not met.
The ALPHV/BlackCat ransomware gang claims to have stolen more than 150 GB of data from Creos Luxembourg S.A., a company which manages natural gas pipelines and electrical networks in the Grand Duchy of Luxembourg. The alleged stolen data consists of 180,000 files, including contracts, agreements, passports, bills and emails.
Researchers have observed a new post-exploitation attack framework in the wild. Manjusaka, as it's called, can be deployed as an alternative to the popular Cobalt Strike toolset — or parallel to it for redundancy.
Security researchers have discovered that QBot malware is now using the legitimate Windows Calculator app for DLL side-loading attacks. The method continues to be used in current malspam campaigns.
A new version of MLNK Builder, a link generation tool popular among cybercriminals, has emerged on the dark web. The updated feature set focuses on antivirus evasion and masquerading techniques, using icons of popular legitimate applications and file formats.
Symbiote is a new Linux malware that steals users’ data and provides a backdoor to threat actors. It was discovered in June, 2022 and is characterized as a very stealthy malware. It uses a lot of evasion techniques, such as hooking functions, capturing TCP traffic and hiding its own files. It collects users' data and exfiltrates it on DNS servers.
The Knauf Group, a German-based multinational producer of construction materials, has announced that it's been the target of a cyberattack. The incident took place on the night of June 29, forcing its global IT team to shut down email systems, although communications were still possible via mobile devices and Microsoft Teams.