Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label 8Base. Show all posts
Ransomware attack
8Base 8Base Ransomware corporate cyber attacks Cyber Attacks Dark Web Data Leak data security Ransomware attack

Nidec Corporation Ransomware Attack: Data Leak on Dark Web

 

In a recent disclosure, Nidec Corporation, a global leader in precision motors and automotive components, confirmed a significant data breach from a ransomware attack that occurred earlier this year. Hackers, after failing to extort the company, leaked stolen data on the dark web. This breach did not involve file encryption, but the stolen information has raised concerns for employees, contractors, and associates regarding potential phishing attacks. Nidec operates in over 40 countries and has an annual revenue exceeding $11 billion. 

The affected division, Nidec Precision, is based in Vietnam and specializes in manufacturing optical, electronic, and mechanical equipment for the photography industry. An internal investigation revealed that hackers accessed a server using stolen VPN credentials of a Nidec employee. This server contained sensitive documents, including business letters, purchase orders, invoices, health policies, and contracts. Over 50,000 files were compromised in the breach. The company responded by closing the entry point and implementing additional security measures as advised by cybersecurity experts. 

Employees are undergoing further training to reduce future risks, with Nidec notifying business partners who may have been affected. The attack was initially claimed by the 8BASE ransomware group in June, who alleged they stole personal data and a large volume of confidential information from Nidec’s systems. In July, the Everest ransomware group also published stolen data on the dark web, suggesting a connection to 8BASE and initiating a secondary extortion attempt. While Nidec has confirmed the authenticity of the stolen data, it downplayed the potential for direct financial damage to the company or its contractors. 

However, the company remains vigilant and continues to monitor for any unauthorized use of the information. This attack underlines the vulnerability of even the largest corporations to cybercriminals and the importance of robust security measures. As ransomware groups continue to evolve their tactics, companies like Nidec must ensure they are prepared to mitigate threats and protect their sensitive data. 

The Nidec breach is a stark reminder of the ongoing risks in today’s interconnected business environment. In response to this breach, Nidec has implemented stronger security protocols and is actively educating its workforce on how to mitigate cybersecurity risks moving forward.
Read more »
Security
8Base Cyber Attacks CyberCrime Cyberscoop Cybersecurity CyberThreat Cyberthreats Data Breaches Security

UN Agency Faces Data Crisis: Ransomware Hack Exposes Extensive Data Theft

 


It is reported that the United Nations Development Programme (UNDP) is investigating a cyberattack involving human resources information stolen from its IT systems due to a breach. To eradicate poverty, fight inequality, and eliminate exclusion from society, UNDP, the UN's global development network, works in more than 170 countries and territories.

Donations are received from UN member states, private companies, and multilateral organizations. According to a statement released by the organisation published Tuesday, there was a hack in the local IT infrastructure at UN City, Copenhagen, in late March. In a statement released by the UNDP on Tuesday, the organization said that a “data extortion actor” had stolen human resources and procurement information in UN City, Copenhagen and that the IT infrastructure was targeted.

In the statement, it was not disclosed what kind of data had been stolen from the organization that is the lead agency on international development for the UN. According to notifications shared with affected parties and viewed by CyberScoop, hackers were able to access several servers and steal data that was significant in scope. 

CyberScoop was informed that the notification information included in its notification may include data about former and current employees' family members, as well as information about contractors, including dates of birth, social security numbers, bank account information, passport details, and information about their bank accounts, bank accounts, and passports. 

A UNDP entry on the 8Base ransomware gang's dark web data leak website has been added to its dark web data leak website since March 27, but the UN agency has yet to identify a specific threat group responsible for the attack. In their assertions, the attackers claim their operators were able to exfiltrate large amounts of sensitive information through the documents they were able to acquire during the breach. 

They allegedly leaked a large amount of confidential information via a now-extinct link, including personal information, accounting data, certificates, employment contracts, confidentiality agreements, invoices, receipts, and much more, according to the reports. They emerged in March 2022, and they spiked their activity in June 2023 after they began attacking companies across a greater range of industry verticals and switched to double extortion to increase their revenue. 

Data leaks were a major issue for the extortion group in May of 2023 when they claimed to be "honest and simple" pen testers that targeted "companies that neglected employees' and customers' privacy and the importance of their data." There have been over 350 victims listed on the site of this ransomware group so far, with some days announcing up to six victims at the same time. 

In 8Base, a custom version of Phobos ransomware has been used, a malicious program that emerged in 2019 and has many code similarities to the Dharma ransomware family. Additionally, in January 2021, the United Nations Environmental Programme (UNEP) announced that over 100,000 employee records containing personally identifiable information (PII) were made available online after a data breach. 

In July 2019, there was also a breach of UN networks in Geneva and Vienna, where a Sharepoint vulnerability allowed access to personnel records, health insurance data, and commercial contract data in an event, that a UN official described as a "major meltdown."
Read more »
VMware Carbon Black
8Base 8Base Ransomware Cyber Attacks MalwareBytes Phobos RansomHouse Ransomware Ransomware group VMware Carbon Black

8Base Ransomware: Researchers Raise Concerns Over its Increased Activities


The 8Base ransomware has well maintained its covert presence, avoiding detection for over a year. Although, a recent investigation into the ransomware revealed a significant rise in its operation during the period of May and June. It has been made clear that the ransomware group has been active since at least March 2022. The threat group labels itself as “simple pentesters,” indicating a basic level of proficiency in penetration testing.

Details of the 8Base

According to a research conducted by Malwarebytes and NCC Group, as of May, the ransomware group may have been linked with a total of whopping 67 attacks. Among these cyber incidents, around half of the manufacturing, construction, and business services industries together account for around half of the affected firms. The targeted firms are primarily located in the United States and Brazil, indicating a geographic focus by the threat group. 

June saw a significant surge in ransomware activities. The fact that the offenders used a dual extortion tactic raised the stakes for their victims is notable.

A list of 35 victims who have been identified has so far been on the 8Base-affiliated dark web extortion site. There have even been occasions where up to six companies have fallen victim to the ransomware operators' nefarious activities at once on specific days.

According to the VMware Carbon Black team, based on its recent activities, and its similarities of ransom notes and content on leak sites along with identical FAQ pages, 8Base could as well be a rebranding of the popular ‘RansomHouse’ ransomware group. RansomHouse, however flexibly promotes its partnership, while 8Base does not.

It is also noteworthy that a Phobos ransomware sample was also discovered by the VMware researchers, that was utilizing the “.8base” file extension, indicating the 8Base could well be the successor of or utilizing the existing ransomware strain.

The researchers concluded that the efficient operations conducted by the 8Base ransomware group may continue to group, which could be an onset of a mature organization. However, it has not yet been made clear whether the group is based on Phobos or RansomHouse.

As for now, there are speculations on 8Base's use of various ransomware strains, whether it be in earlier iterations or as a fundamental component of its typical mode of operation. However, it is commonly known that this organization is very active, with a concentration on smaller firms as a significant target.  

Read more »
Subscribe to: Posts (Atom)