IT and software consultancy firm Globant confirmed a data breach by the Lapsus$ data extortion group. Stolen data, consisting of administrator credentials and source code, was leaked by the threat actors. The hacking group released a 70GB archive describing it as “some customers source code.”
May 24, 2022: Cisco Hit in Cyber Attack, Data Taken
Cisco discovered a security incident May 24 targeting its corporate IT infrastructure, and took immediate action to contain and eradicate the attackers, officials said.
Cisco disclosed the incident Wednesday because the attackers published a list of files from the incident to the dark web.
Cisco did not report any impact from the attack to its business, including its products, services, customer data, employee information, intellectual property or supply chain operations.
Cisco did say that since the attack it has taken steps to remediate the impact of the incident and further harden its IT environment. In addition, the tech giant said no ransomware has been observed or deployed and that it has successfully blocked attempts to access Cisco’s network since discovering the incident.
August 1, 2022: Semikron ‘Holding Production’ after Cyber Attack
A German semiconductor maker with a focus on industrial automation systems and electric vehicles said it suffered a cyber-attack that resulted in data encryption, and as a result is “holding our production.”
Nuremberg, Germany-based Semikron, which claims to power 35 percent of the wind turbines installed globally each year, fell victim to the attack, the company said Monday. As a result of the attack on its IT system, the company is halting production for the time being.
“Due to the cyber incident, we are currently holding our production,” Semikron said in a statement to its customers on Thursday. “As long as we cannot guarantee clearance of the cyber-attack completely from our systems, we will not have access to our landline or E-mail communication. We are however still reachable via our business mobile contacts.”
January 5, 2022: RansomHouse Data Breach Extracted 450 GB of Data at Chipmaker AMD
After the last few years of disruption and amid the global chip shortage, the company has been attacked by the RansomHouse Extortion Group, which claims to have exfiltrated more than 450 GB of data. The RansomHouse gang did not initially release samples, but AMD acknowledged the breach.
"No, we haven't reached out to AMD as our partners consider it to be a waste of time: it will be more worth it to sell the data rather than wait for AMD representatives to react with a lot of bureaucracy involved," a RansomHouse representative told BleepingComputer. RansomHouse claims that the stolen data includes research and financial information, which they say is being analyzed to determine its value.
The threat actors have not provided any proof of this stolen data other than a few files containing information allegedly collected from AMD's Windows domain. This data includes a leaked CSV containing a list of over 70,000 devices that appear to belong to AMD's internal network, as well as an alleged list of AMD corporate credentials for users with weak passwords, such as 'password', 'P@ssw0rd', 'amd!23', and 'Welcome1.'
December 12, 2020: Major Supply Chain Breach Involving the SolarWinds Orion System
Over 18,000 SolarWinds customers installed malicious updates in three versions of its Orion monitoring and management software, with the malware spreading undetected. Through this code, hackers accessed SolarWinds’s customer information technology systems, which they could then use to install even more malware to spy on other companies and organizations.
The SolarWinds hack was a major event because it triggered a much larger supply chain incident that affected thousands of organizations, including tech giants and U.S. government agencies.
SHI International has confirmed that a malware attack hit its network over the Fourth of July weekend. SHI is a New Jersey-based provider of Information Technology (IT) products and services.
The company said in a statement: "SHI was the target of a coordinated and professional malware attack. Measures were enacted to minimize the impact on SHI's systems and operations. We are liaising with federal bodies including the FBI and CISA and there is no evidence to suggest that customer data was exfiltrated during the attack."
March 23, 2022: Largest Crypto Hack against a Decentralized Finance Network Hit Ronin Network (RON) Blockchain Network
Earlier in March this year, Ronin Network (RON), a blockchain network underpinning the famous crypto game Axie Infinity and Axie DAO, suffered the largest crypto hack against a decentralized finance network reported to date.
In May 2022, the United States issued an advisory warning that highly skilled hackers from North Korea were trying to get employed by posing as IT freelancers. It has now been revealed that the Axie Infinity hack relied on social engineering: the North Korean government-backed hacker group Lazarus used a fake job offer to infiltrate Sky Mavis’ network by sending one of the company’s employees a PDF file containing spyware.
Lazarus’ involvement in such a high-profile hack should not come as a surprise. In January 2022, researchers from different crypto security firms concluded that North Korean hackers have so far stolen $1.3 billion from cryptocurrency exchanges across the globe, while their prime suspect in these hacks was the infamous Lazarus gang.
February 1, 2013: Security Firm Hacked
Bit9, a security firm that provides software reputation, application control and whitelisting services, suffered a breach that left three of its customers infected with malware.
“Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network. As a result, a malicious third party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware,” said Bit9 Chief Executive Patrick Morley.
This was a supply chain attack.
October 16, 2021: Acer Hit in Cyber Attack
After attackers infiltrated Acer’s servers in India, the company’s Taiwan office fell victim to a breach this past weekend.
On October 16, Desorden hackers said they obtained login details belonging to employees of Acer’s Taiwanese branch. That came three days after the attack group breached Acer India’s servers. The attack group apparently found vulnerabilities on Acer’s Malaysian and Indonesian networks as well, according to a report with Privacy Affairs.
September 8, 2021: Olympus Hit by Ransomware Attack
Olympus is now investigating the ransomware attack. The company said the incident occurred on September 8 in its Europe, Middle East, and Africa (EMEA) region.