Cyber Weekly Digest - Week #26
Updated: Jul 2
In this week’s digest we dive into the latest REvil ransomware victims, 4 high-level vulnerabilities which affect over 30 million Dell devices, and how North Korean’s linked threat actors breached a South Korea nuclear research agency. Keep reading to find out about the biggest cyber security stores from around the world.
This week South Korea’s ‘Korea Atomic Energy Research Institute’ (KAERI) confirmed that their internal networks were hacked last month by North Korean Threat Actors using a VPN vulnerability. At the time of the attack, KAERI initially denied the attack occurred, they have since confirmed and apologised for attempting to cover up the breach. KAERI is still investigating the incident to confirm what information was accessed during the incident. However, access logs show thirteen different unauthorised IP addresses gained access to the internal network, one of the IPs is linked to North Korean state-sponsored hacking group Kimsuky.
Researchers have found four high severity vulnerabilities which affect 129 models of Dell laptops, tablets and desktops ,which is estimated to be 30 million devices worldwide. The security bugs could give attackers almost complete control and persistence over targeted devices. Specifically, the issues affect the BIOSConnect feature within Dell SupportAssist. BIOSConnect is used to perform remote OS recoveries or to update the firmware on the device. Dell is starting to push out patches for BIOS on all of the affected systems.
Researchers has found a threat actor with suspected linked to Pakistan which has been targeting energy and government organisations in the South and Central Asian regions. Most of the organisations which they believe have been compromised were in India and a small number in Afghanistan. The researchers believe that the operation began in January of this year. The attacker has been targeting victims to deploy a remote access trojan on compromised Windows systems.
The latest REvil ransomware attacks have hit two large organisations this week. First the UK-based fashion company French Connection (FCUK) confirmed that it had been hit by the REvil gang, just hours later the Brazilian medical diagnostics firm Grupo Fleury confirmed an attack. REvil has proven that it is becoming one of the world’s most dangerous ransomware threat actors. The attackers were able to breach FCUK’s back-end servers and steal personal data such as passport scans of the company’s top executives, the company has stated that there is no evidence customer data was accessed. It is believed that the attackers are demanding $5 million from Grupo Fleury for a decryptor.
A fertility clinic in Georgia ha confirmed this week they suffered a data breach this week following a ransomware attack which occurred in April. The Reproductive Biology Associates LLC (RBA) is a fertility clinic which recruits egg donors. It is estimated that 38,000 patients were affected by the data breach. The attackers gained access to files which included patient information such as laboratory results, social security numbers and information relating to the handling of human tissue. RBA has not stated if they paid a ransom, however the breach notification suggests they had in order to obtain a decryptor and prevent the release of the stolen data.