Hungarian Defence Agency Hacked: Foreign Hackers Breach IT Systems

Foreign hackers recently infiltrated the IT systems of Hungary’s Defence Procurement Agency, a government body responsible for managing the country’s military acquisitions. According to Gergely Gulyas, the chief of staff to Hungarian Prime Minister Viktor Orban, no sensitive military data related to Hungary’s national security or its military structure was compromised during the breach. Speaking at a press briefing, Gulyas confirmed that while some plans and procurement data may have been accessed, nothing that could significantly harm Hungary’s security was made public. The attackers, described as a “hostile foreign, non-state hacker group,” have not been officially identified by name. 

However, Hungarian news outlet Magyar Hang reported that a group known as INC Ransomware claimed responsibility for the breach. According to the outlet, the group accessed, encrypted, and reportedly published some files online, along with screenshots to demonstrate their access. The Hungarian government has refrained from confirming these details, citing an ongoing investigation to fully assess the breach’s scope and potential impact. Hungary, a NATO member state sharing a border with Ukraine, has been increasing its military investments since 2017 under a modernization and rearmament initiative.

This program has seen the purchase of tanks, helicopters, air defense systems, and the establishment of a domestic military manufacturing industry. Among the notable projects is the production of Lynx infantry fighting vehicles by Germany’s Rheinmetall in Zalaegerszeg, a region in western Hungary. The ongoing conflict in Ukraine, which began with Russia’s 2022 invasion, has further driven Hungary to increase its defense spending. The government recently announced plans to allocate at least 2% of its GDP to military expenditures in 2024. Gulyas assured reporters that Hungary’s most critical military data remains secure. 

The Defence Procurement Agency itself does not handle sensitive information related to military operations or structural details, limiting the potential impact of the breach. The investigation aims to clarify whether the compromised files include any material that could pose broader risks to the nation’s defense strategy. The breach raises concerns about the cybersecurity measures protecting Hungary’s defense systems, particularly given the escalating reliance on advanced technology in modern military infrastructure. With ransomware attacks becoming increasingly sophisticated, governments and agencies globally are facing heightened pressure to bolster their cybersecurity defenses. 

Hungary’s response to this incident will likely involve a combination of intensified cybersecurity protocols and ongoing collaboration with NATO allies to mitigate similar threats in the future. As the investigation continues, the government is expected to release further updates about the breach’s scope and any additional preventive measures being implemented.

Vice Society Shifts to Inc Ransomware in Latest Healthcare Cyberattack

Ransomware incidents are increasing, with a recent attack targeting American healthcare institutions by a well-known cybercrime group.

Vice Society, tracked by Microsoft as Vanilla Tempest, has been active since July 2022. This Russian-speaking group has used various ransomware strains in its double extortion tactics, including BlackCat, Hello Kitty, Quantum Locker, Rhysida, Zeppelin (including a custom version), and its own proprietary ransomware.

In a series of updates on X, the Microsoft Threat Intelligence Center (MSTIC) highlighted the group's latest weapon: Inc ransomware.

"Vanilla Tempest is one of the most active ransomware operators that MSTIC monitors," said Jeremy Dallman, MSTIC's senior director of threat intelligence. "While they have been targeting healthcare for some time, their recent adoption of the Inc ransomware payload marks a significant shift as they increasingly engage with the broader ransomware-as-a-service (RaaS) ecosystem."

Although Vice Society targets multiple industries, including IT and manufacturing, it is primarily known for its campaigns against education and healthcare. This aligns with broader cybersecurity trends. According to Check Point Research, healthcare remains the most frequently targeted sector by ransomware. In fact, healthcare organizations worldwide face an average of 2,018 attacks per week, representing a 32% increase compared to the previous year.

Cindi Carter, Check Point's CISO for the Americas, explains the appeal to cybercriminals. "Healthcare organizations are often plagued by outdated legacy technology and bureaucratic hurdles, making them easy targets. Additionally, the data these organizations collect is highly valuable," she states. "A medical record is one of the most identifiable pieces of digital information about a person, second only to a fingerprint."

In its recent healthcare exploits, Vice Society gained initial access through systems already compromised by the Gootloader backdoor. The group subsequently deployed the Supper backdoor along with two legitimate products: AnyDesk’s remote monitoring software and MEGA’s data synchronization service. They used Remote Desktop Protocol (RDP) for lateral movement and Windows Management Instrumentation (WMI) to drop Inc ransomware within infected networks.
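Because AnyDesk and MEGA are legitimate tools, each one alone is a weak signal; the combination on one host in a short period is what is worth triaging. The Python below is an added example, not code from the original post or from Microsoft's reporting: it correlates process-creation records per host, and the sample events, the 24-hour window and the "WMI child outside System32" heuristic are assumptions (`AnyDesk.exe`, `MEGAsync.exe` and `WmiPrvSE.exe` are the usual Windows image names).

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

# Constructed process-creation records (host, time, image, parent image);
# hosts, times and the "update.exe" path are invented for this example.
EVENTS = [
    ("WS-014", "2024-09-18T02:11:07", r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe", r"C:\Windows\System32\services.exe"),
    ("WS-014", "2024-09-18T03:40:51", r"C:\Users\svc\AppData\Local\MEGAsync\MEGAsync.exe", r"C:\Windows\explorer.exe"),
    ("WS-014", "2024-09-18T04:02:13", r"C:\Users\Public\update.exe", r"C:\Windows\System32\wbem\WmiPrvSE.exe"),
    ("HR-203", "2024-09-18T09:15:00", r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe", r"C:\Windows\explorer.exe"),
    ("SRV-07", "2024-09-10T09:00:00", r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe", r"C:\Windows\explorer.exe"),
    ("SRV-07", "2024-09-12T10:00:00", r"C:\Users\adm\AppData\Local\MEGAsync\MEGAsync.exe", r"C:\Windows\explorer.exe"),
    ("SRV-07", "2024-09-14T11:00:00", r"C:\Users\Public\update.exe", r"C:\Windows\System32\wbem\WmiPrvSE.exe"),
    ("WS-030", "2024-09-18T08:00:00", r"C:\Windows\System32\wbem\mofcomp.exe", r"C:\Windows\System32\wbem\WmiPrvSE.exe"),
]
REQUIRED = {"remote_access", "cloud_sync", "wmi_exec"}

def classify(image, parent):
    """Map one process-creation record to a behaviour tag, or None."""
    name, parent_name = basename(image).lower(), basename(parent).lower()
    if name == "anydesk.exe":
        return "remote_access"
    if name == "megasync.exe":
        return "cloud_sync"
    # Heuristic (assumption): a WMI-launched binary that lives outside System32.
    if parent_name == "wmiprvse.exe" and "\\windows\\system32\\" not in image.lower():
        return "wmi_exec"
    return None

def hunt(events, window=timedelta(hours=24)):
    """Return hosts where every REQUIRED tag occurs inside one time window."""
    per_host = defaultdict(list)
    for host, ts, image, parent in events:
        tag = classify(image, parent)
        if tag:
            per_host[host].append((datetime.fromisoformat(ts), tag))
    flagged = []
    for host, hits in per_host.items():
        hits.sort()
        for start, _ in hits:
            seen = {tag for t, tag in hits if start <= t <= start + window}
            if seen == REQUIRED:
                flagged.append(host)
                break
    return sorted(flagged)
```

With the default window only the host showing all three behaviours in one night is returned; widening the window trades fewer misses for more noise from routine IT use of the same tools.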

Inc ransomware has been operational since last summer, making headlines for attacking large organizations, including Xerox and Scotland's National Health Service (NHS). Jason Baker, a threat intelligence consultant with GuidePoint Security, notes that the organized nature of Inc ransomware affiliates sets them apart.

"The most distinct aspect of Inc affiliates is their systematic approach during the negotiation process," Baker says, drawing from his own experiences. "They don’t make off-the-cuff remarks or resort to empty threats. Everything is methodical."

Baker likens it to the difference between a well-planned bank robbery and a spontaneous street mugging. "You can tell when someone has put serious thought into their attack and knows exactly what they're doing," he adds.

According to a report from Dark Reading, Inc’s malware recently leaked details about its encryption methods, potentially giving defenders an advantage. However, Baker warns that the reality is far more nuanced, especially in the healthcare sector.

"If an organization realizes it can recover data without needing a decryptor, it reduces their incentive to pay the ransom," he explains. "But the situation becomes more complex in double extortion scenarios, especially when sensitive personally identifiable health information (PHI) or intellectual property is involved. That’s why double extortion remains effective—it adds pressure, even if recovery is possible."