Cyber Weekly Digest - Week #44

Updated: Nov 12, 2021

This week's Cyber Weekly Digest explores another critical infrastructure attack, this time affecting the Iranian fuel distribution networks. We also discuss the latest ransomware attack hitting the US National Rifle Association and how German investigators identified a core member of the REvil gang. Keep reading to stay up to date with the biggest cyber security stories from the week.

1. Grief ransomware gang claims to have attacked US National Rifle Association.

This week, the Grief ransomware gang added the NRA as a new victim on their data leak site while displaying screenshots of Excel spreadsheets containing US tax information and investments amounts. The threat actors also leaked a 2.7 MB archive titled 'National' containing alleged NRA grant applications. The Grief ransomware gang is believed to be tied to a Russian hacking group known as Evil Corp, which has been active since at least 2009. The NRA has not yet commented on the alleged attack.

2. Cyber attack hit Iranian fuel distribution network.

An attack on the fuel distribution chain in Iran has forced the shutdown of a network of filling stations on Tuesday, leaving many stranded across the country and unable to fill up their tanks. The filling stations targeted in the attack belong to the National Iranian Oil Products Distribution Company, with more than 3,500 stations across Iran. Tuesday's attack displayed a message reading "cyberattack 64411" on gas pumps, echoing another critical-infrastructure attack that occurred in July against the Iran rail transportation system, which also displayed the number.

3. German investigators have identified REvil ransomware core gang member.

German investigators have reportedly identified a Russian man whom they believe to be one of the REvil ransomware gang's core members. While the suspect's real identity has not been revealed, German media refers to him as 'Nikolay K' and report that investigators linked him to Bitcoin ransom payments associated with the GandCrab ransomware group, which is strongly linked to REvil. Police were able to find Nikolay's email address, which he used to register to over 60 websites and a phone number that he used for his Telegram a