China-linked Hackers Breach Power Grid in undisclosed Asian country

February 13, 2023

Symantec revealed that a Chinese hacker group with connections to APT41, which Symantec is calling RedFly, breached the computer network of a national power grid in an Asian country—though Symantec has declined to name which country was targeted. The breach began in February of this year and persisted for at least six months as the hackers expanded their foothold throughout the IT network of the country’s national electric utility, though it’s not clear how close the hackers came to gaining the ability to disrupt power generation or transmission.

Signs suggest the culprits worked within a notorious Chinese hacker group that may have also hacked Indian electric utilities years earlier.


Insurance Carrier Suffers Ransomware Attack

May 16, 2021

AXA Partners, the international subsidiary of AXA insurance group, was hit by ransomware attacks in four countries, company officials said.
The attack comes on the heels of AXA, among Europe’s top five insurers, saying it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals. The Paris-based group said it was suspending the option in France only in response to growing concern that such reimbursements encourage cyber criminals to demand ransom from companies they prey on, crippling them with malware. Once victims of ransomware pay up, criminals provide software keys to decode the data.


CMA CGM SA shutdown after attack with ransomware

September 28, 2020

CMA CGM shut down some of its technology systems as it coped with a cyberattack at two of its Asia-Pacific subsidiaries. As of Oct. 2nd, the company was still working on restoring access to all information systems, and its worldwide agency network was gradually being reconnected. The company claims that the malware had not compromised any of its communications, including email, transmitted files and electronic data interfaces. People involved in the matter said the carrier was investigating an encryption malware attack and that it had been contacted by someone claiming to be a hacker who asked for ransom in return for a decryption key.
