Cyber Weekly Digest - 2022 Week #23


In this week’s Cyber Weekly Digest we discuss the biggest cyber security news, including the ransomware group that claims to have breached Mandiant and the latest zero-day vulnerabilities exploited by threat groups. Keep reading to stay up to date on the latest cyber security news from around the world.


1. LockBit ransomware claims to have breached Mandiant

The ransomware group LockBit published a new page on its data leak website this week saying that it would leak 356,841 files belonging to Mandiant. However, Mandiant stated that it had no evidence of a breach and that the leaked data showed no indication that Mandiant’s data had been disclosed. Now that LockBit has published the files, it appears that this was not about files stolen from Mandiant’s network but, instead, about the ransomware group trying to distance itself from the Evil Corp cybercrime gang due to the economic sanctions preventing victims from paying ransoms.


2. The Italian city of Palermo suffers large-scale outages due to a cyber attack

This week the Vice Society ransomware group claimed responsibility for the recent cyber attack on the city of Palermo in Italy, which has caused a large-scale service outage. The attack occurred at the weekend, and all internet-dependent services remain unavailable. The attack has impacted 1.3 million people and many tourists visiting the city. Vice Society made the claim in a post on its dark web data leak site, stating that it will publish all stolen documents by Sunday if a ransom is not paid.


3. A new Emotet variant is using Google Chrome to steal credit card information

The Emotet malware is now deploying a new module designed to steal credit card information stored in the Chrome web browser. The credit card stealer, which exclusively targets Chrome, can exfiltrate the collected information to different remote command-and-control (C2) servers. This new development also comes during a spike in Emotet activity, following a 10-month break last year when law enforcement took down the operation.