news

Breaking Cyber News From Cyberint

Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.

  • Nov 22, 2024

    • Finastra
    • Finance
    • Business Services
    • Abyss0
    • Finastra - Breach - 2024-11-08
    • Europe
    • breach
    • United Kingdom

    Data Breach on Finastra by "abyss0"

    On November 08, 2024, a threat actor named "abyss0" claimed that he successfully breached Finastra's ESB system and was able to exfiltrate with an approximate archive size of ~400GB, which mainly consists of internal files along with data backup copies. The threat actor offered the complete data package for sale on BreachForums. Meanwhile, Finastra stated that on November 07, 2024, their Security Operations Center detected suspicious activity on an internal SMTP server running under IBM Aspera. They isolated the affected server and initiated their incident response process. A few days later, the threat actor deleted all his posts related to the breach in underground forums and marketplaces.

  • Nov 21, 2024

    • Cve-2024-9474
    • Cve-2024-0012
    • CVE-2024-0012
    • CVE-2024-9474

    As many as 2,000 Palto Alto Network Devices Have Been Estimated of Being Compromised

    The management web interface of Palo Alto Networks, associated with CVE-2024-9474 and CVE-2024-0012, is currently being actively exploited in the wild. This exploitation has resulted in an estimated 2,000 network devices being compromised.

  • Nov 20, 2024

    • Technology
    • Grep
    • Software
    • United States Of America
    • exclusive
    • Portnov Computer School

    Portnov Computer School - Database Leak- 2024-11-20

    Portnov Computer school - a career change facility institution has been compromised on November 17th due to the exploitation of a critical vulnerability found within their Confluence data center according to the breachforums Threat Actor 'grep'. The data leak includes a supposed dump of their Atlassian - Confluence source code, configurations, internal logs, attachments, plugins, tools, applications and more.

  • Nov 18, 2024

    • Israel
    • Anonymous For Justice
    • Finance
    • Asia
    • Middle East

    'Anonymous for Justice' Leaks Alleged Breached Data of Financial Institutions in Israel

    'Anonymous for Justice' has leaked what they claim to be breached data from Israeli financial institutions on their Telegram channel. Last week, the group announced plans to carry out a cyberattack on November 15th. Today, they published the allegedly compromised data, reportedly obtained during this attack. The leaked information includes PDF files containing reports and invoices, as well as RAR files and other documents.

  • Nov 14, 2024

    • Corndb
    • Israel
    • Asia
    • Middle East
    • Paz Oil Company

    Exclusive Access to 'Paz' Oil Company Offered for Sale

    Exclusive access to the Israeli oil company 'Paz' is being offered for sale on the cybercrime forum 'BreachForums' by a threat actor known as 'CornDB' for $150,000. According to the threat actor, this access enabled them to acquire a 5TB cache of sensitive data, including proprietary information, financial records, and operational details. The offer is described as a one-time, exclusive sale. The threat actor has not provided any samples.

  • Nov 13, 2024

    • South-Eastern Asia
    • Gr3Ggm3Rc3R
    • Philippines
    • Government
    • Asia
    • breach
    • Egov Ph

    eGov PH System Breach Exposes 200,000+ User Records

    A hacker known as GR3GGM3RC3R claims to have exploited a vulnerability in the Philippine government's eGov PH system, gaining access to sensitive KYC (Know Your Customer) data of over 200,000 users. The attacker reportedly bypassed the system's firewall and obtained root access, which allowed for ongoing data extraction. The compromised data is now being offered for sale online for $100,000 in Bitcoin. This breach has raised significant concerns about the security of government digital services, with critics highlighting the inadequate monitoring of the system. The Department of Information and Communications Technology (DICT) has not yet issued a statement regarding the incident.

  • Nov 13, 2024

    • South-Eastern Asia
    • ransomware
    • Ransomhub - Krypton International Resources - Ransom - 2024-09-18
    • Philippines
    • Energy
    • Asia
    • Krypton International Resources
    • Ransomhub

    Krypton International Resources Hit by Ransomhub

    Krypton International Resources Inc., a significant entity in the energy sector, has experienced a major data breach carried out by the RansomHub Ransomware Group. This attack led to the public exposure of 68 GB of sensitive data, which is now available on RansomHub’s website. The breach includes personal information such as high-resolution scans of Philippine driver’s licenses, revealing full names, addresses, and ID numbers, thereby increasing the risk of identity theft. Krypton Resources is recognized for its efforts in developing advanced materials that aim to reduce environmental impact. The full extent of the attack and any potential data loss are still unclear. Authorities are currently investigating the incident, and cybersecurity experts are urging companies to enhance their defenses against similar threats.

  • Nov 11, 2024

    • Financial Theft
    • United Kingdom
    • Phishing
    • Europe

    UK Scammers Target Seniors with Fake Winter Fuel Payment Texts

    Scammers target UK seniors with fraudulent texts, posing as government authorities offering "winter heating allowance" payments. These messages direct recipients to fake government sites that mimic GOV.UK pages, seeking personal and financial details. The campaign capitalizes on recent government cuts to winter fuel payments, making the scam appear more credible to seniors expecting aid. Recipients are advised to avoid clicking links and to report suspicious texts.

  • Nov 08, 2024

    • South-Eastern Asia
    • Armed Forces Of The Philippines (Afp)
    • Philippines
    • Government
    • Asia
    • breach

    Data Breach on Armed Forces of the Philippines

    On October 23, 2024, a threat actor who goes by the name "FATHER121" posted on BreachForums regarding exfiltrated sensitive and confidential data from Armed Forces of the Philippines (AFP). The threat actor is claiming that the total size of the documents is over 500MB and being sold for 1.5 BTC (around 4M Philippine Pesos as of this writing) which is a bit overpriced based on Cyberint's perspective. However, if the data package really contains very sensitive military intelligence information, then, this might be interesting for criminals from other countries who wants to target the Philippines.

  • Nov 08, 2024

    • Credentials From Password Stores
    • South-Eastern Asia
    • Philippines
    • Asia
    • leak
    • Credentials From Web Browsers
    • Department Of Information And Communications Technology (Dict)
    • infostealer

    Several Access for DICT Subdomains Hosting cPanel Offered in the Underground

    On November 03, 2024, a threat actor named "GR3GGM3RC3R" posted in BreachForums regarding exposed cPanels for several subdomains of the Department of Information and Communications Technology (DICT) in the Philippines. The threat actor is claiming that he obtained several access to these exposed cPanels via InfoStealer logs. All the credentials are being sold in the underground for 60,000 USD. The following are the affected Subdomains where the cPanel portals are being hosted: - dict.gov.ph - bonifacio.dict.gov.ph - vaslinelist.dict.gov.ph - bahaghari.dict.gov.ph - pmis.dict.gov.ph - r4b.dict.gov.ph - caraga.dict.gov.ph - intranet.dict.gov.ph The threat actor is also the one claiming behind the past breaches on Toyota Makati (October 25, 2024), Office of the Sangguniang Panlungsod of Davao (October 29, 2024), and Cybercrime Investigation and Coordinating Center (November 04, 2024).

  • Nov 05, 2024

    • Grep
    • Western Europe
    • Europe
    • Manufacturing
    • France
    • Schneider Electric

    grep Claims to have Breached Schneider Electric, Stealing Over 40 GB of Data along with Projects, Plugins and Customer and Employee Information

    In November 2024, the threat actor grep claimed to have breached Schneider Electric, a France-based energy industry company, and to have gained access to its Jira Server. According to the threat actor, over 40 GB of data were stolen along with 400 thousand user data rows and 75 thousand unique email addresses and full names of Schneider Electric employees and customers using exposed credentials. The attacker also claimed to have obtained critical project data, issues, and plugins.

  • Nov 05, 2024

    • Nokia
    • Intelbroker
    • Northern Europe
    • Finland
    • Europe
    • Energyweaponuser
    • Telecommunications

    Threat Actors IntelBroker and EnergyWeaponUser claim to Have Breached Nokia, Leaking Source Code, SSH and RSA Keys, Along With Credentials

    In November 2024, the threat actors named "IntelBroker" and "EnergyWeaponUser" claimed to have breached Nokia and gained access to its database. According to the threat actors, a large collection of data belonging to Nokia was taken, including SSH keys, source code, RSA keys, Bitbucket logins, SMTP accounts, webhooks, and hardcoded credentials.

  • Nov 03, 2024

    • Acquire Access
    • Compromise Accounts
    • Play
    • Andariel
    • Impair Defenses

    North Korean Group Partners with Play Ransomware in Major Cyber Attack

    The North Korean threat group "Jumpy Pisces" (aka Andariel) has collaborated with the Play ransomware gang in a significant cyberattack, marking the first known partnership between a state-sponsored actor and Play ransomware. Between May and September 2024, Jumpy Pisces infiltrated systems and leveraged Play ransomware, likely for financial gain amid sanctions. Their approach included credential harvesting and command-and-control tools, with evidence suggesting increased ransomware threats from North Korean actors.

  • Oct 28, 2024

    • ransomware
    • Blackcat Ransomware Group Linked To Cyberattack On Optum'S Change Healthcare Platform
    • Optum
    • Healthcare
    • Finance
    • Alphv
    • Unitedhealth Group

    Change Healthcare's February Ransomware Incident Affected 100 Million Victims

    Change Healthcare disclosed that at least 100 million people were affected by the February breach. Those affected had their social security numbers and billing information at risk, also including other sensitive PII information

  • Oct 28, 2024

    • Redline Stealer
    • Fbi
    • Metastealer

    Authorities Seize Redline and Meta Infostealer Operations

    The Dutch National Police, in collaboration with the FBI and international partners, seized the infrastructure supporting the Redline and Meta infostealer malware in a major effort called "Operation Magnus." Announced on a dedicated website, authorities confirmed that legal proceedings are underway based on the captured data. The October 28, 2024, operation aimed to warn threat actors that their activities and data are now under law enforcement control.

  • Oct 22, 2024

    • Education
    • Israel
    • Darkraas
    • Asia
    • Middle East

    Remote Access to Israeli Technological College Servers Offered for Sale

    A threat actor known as 'DarkRaaS' is offering remote access to 10 servers belonging to an Israeli technological college. The access is priced at $10,000, though no sample data has been provided to verify the breach.

  • Oct 16, 2024

    • Education
    • Western Europe
    • Paris 1 Panthéon-Sorbonne University
    • exclusive
    • Government
    • Europe
    • Magouilleur
    • France

    Data Breach at Sorbonne University Exposes Personal Information of Over 73,000 Users

    In a recent post on BreachForums, the TA Magouilleur claimed to have uploaded sensitive data from Université Paris 1 Panthéon-Sorbonne, affecting more than 73,000 users. The data stolen in September 2024 includes login IDs, email addresses, names, studies, photos, and other personal information. The post indicated that 26 files were made available, along with a sample file. According to the post, the data includes easily identifiable personal details, which could be exploited for malicious purposes.

  • Oct 15, 2024

    • Sarcoma
    • South-Eastern Asia
    • Suntrust Properties
    • ransomware
    • Real Estate
    • Philippines
    • Asia
    • Sarcoma - Suntrust Properties - Ransom - 2024-10-09
    • breach

    Sarcoma Ransomware Group Attacked Suntrust Properties

    A new threat group, known as Sarcoma Ransomware, recently attacked Suntrust Properties in the Philippines. The attack has led to a massive amount of data exfiltrated (around ~1TB in size) by the threat actor. The leaked information includes confidential files and SQL databases. Sample data has been released by the ransomware group, which mainly includes: - Professional Regulation Commission (PRC) Identifications (IDs) of employees and clients - Government-issued Identifications, such as driver’s licenses and police identification cards - Legal Documents, such as property transaction contracts and buyer acceptance forms - SQL databases containing corporate data related to real estate operations

  • Oct 15, 2024

    • Technology
    • Intelbroker
    • Zjj
    • United States
    • North America
    • Energyweaponuser
    • Cisco

    Threat actors IntelBroker and EnergyWeaponUser Claim To Have Breached Cisco, Leaking API Tokens And Data Belonging To Its Customers

    On October 6, 2024, the threat actors "IntelBroker," "EnergyWeaponUser," and "zjj" announced the sale of data from a recent Cisco breach. The compromised data includes GitHub and GitLab projects, SonarQube projects, source code, hardcoded credentials, certificates, customer SRCs, confidential Cisco documents, Jira tickets, API tokens, AWS private buckets, Docker builds, Azure storage buckets, private and public keys, SSL certificates, and details on Cisco premium products. Several major companies, including Verizon, AT&T, Bank of America, Barclays, British Telecom, Microsoft, Vodafone, and Chevron, are reportedly affected.

  • Oct 13, 2024

    • Technology
    • Israel
    • Darkraas
    • Asia
    • Middle East

    Access to Compromised Servers of Israeli IT Firm Offered for Sale

    A threat actor known as 'DarkRaaS' is offering access to six compromised servers from an Israeli IT and cloud infrastructure company. The servers reportedly have a capacity of 6TB. The access is being sold for $30,000, but the threat actor has not provided any sample data to confirm the breach. The name of the targeted company was not disclosed.

  • Oct 13, 2024

    • Middle East
    • Asia
    • Israel
    • Darkraas

    Israeli Municipality Network Access Offered for Sale on Cybercrime Forum

    A threat actor known as 'DarkRaaS,' associated with the 'DarkSide Group,' is offering full network access to the cloud infrastructure of an Israeli municipality for sale on the cybercrime forum 'Breached.' The access is priced at $15,000, though no sample data has been provided to verify the breach.

  • Oct 10, 2024

    • Finance
    • global

    Threat Actors Exploit GitHub Trusted Reputation to Distribute Malware

    In a concerning development, threat actors are once again leveraging GitHub’s reputation to bypass security gateways. They are observed distributing malicious GitHub repository links within the comments of trusted repositories to spread malware. Organizations with open-source repositories that permit comments are particularly vulnerable to this attack. Malicious actors can submit comments linking to malicious code , which may then be embedded in a subdirectory of the organization’s main open-source code or archive which can be accessed. Even with the comment removed the file is archived and the link to the malware can remain alive. This also has the opportunity to be a drive-by attack vector for other malware types. Organizations should consider adding additional measures to block Github links that may bypass secure email gateways' security. Add additional warning messages so users are aware of the potential risks, or configure certain policies to protect against unsolicited downloads from GitHub.

  • Oct 10, 2024

    • Handala
    • Doscast
    • Israel
    • Asia
    • Middle East

    'Handala' Claims Breach of Israeli Podcast Website 'Doscast'

    The hacker group 'Handala' claims to have breached the Israeli podcast website 'Doscast,' allegedly gaining access to 3 million data entries belonging to over 100,000 users. The compromised data reportedly includes email addresses, names, phone numbers, and other personal details.

  • Oct 10, 2024

    • Israel
    • Finance
    • Darkraas
    • Asia
    • Middle East

    Access to Over 85,000 Records from Israeli Loan Company Offered for Sale

    A threat actor known as 'DarkRaaS,' affiliated with the 'DarkSide Group,' is offering access to over 85,000 records from an undisclosed Israeli loan company for sale on the cybercrime forum 'Breached.' The records reportedly include sensitive personal and financial data, such as loan application statuses, mortgage information, full names, and residential details. The seller is asking for $50,000 but has not provided any sample data to verify the breach.

  • Oct 10, 2024

    • United States
    • Finance
    • breach
    • Moneygram International
    • Moneygram - Breach - 2024-09-20

    Data Breach on Moneygram

    On October 07, 2024, MoneyGram Payment Systems, Inc. released an official statement that they had been a victim of a cyber-attack. According to the company, the incident began on September 20, 2024, which led to some disruption in their operations that lasted more than three (3) days. On September 27, 2024, the company detected that threat actors gained unauthorized access to their network and systems between September 20 to 22, 2024. This data breach impacted several customers' information, including names, contact information (such as phone numbers, email and postal addresses), dates of birth, Social Security numbers, copies of identification documents, bank account numbers, MoneyGram Plus Rewards numbers, transactional data, and some criminal investigation information. As per Moneygram, the investigation for this breach is still ongoing.

  • Oct 08, 2024

    • South-Eastern Asia
    • Dnh@Klammer
    • Deathnote Hackers
    • Philippines
    • Mb Villar Group
    • breach
    • Villar Group - Breach - 2024-09-20

    Over 2.3M Records for Sale: Villar Group hit by Massive Data Breach conducted by DeathNote Hackers

    The vigilante hacker group "DeathNote Hackers" has reportedly breached the Villar Group of Companies. The group claims to have accessed 11 million records containing information about transactions, employees, and clients of the Villar conglomerate but has partially released 2.3 million records, including customer names, contact numbers, addresses, emails, bank details, company names, payslips, employee information, passwords, and production files. The breach is said to have affected various Villar-owned brands, such as: Camella, Lumina Homes, Brittany Corporation, Golden Haven, MGS Construction, PAVI, Vista Land and Lifescapes, Starmall, Bria Homes, AllBank, AllHome, Kratos ResInc

  • Oct 06, 2024

    • Israel
    • Mossad
    • Asia
    • Middle East
    • Lordzeroday

    Alleged Mossad Database Offered for Sale on 'BreachForums'

    A database allegedly containing confidential documents related to the 'Mossad' has been offered for sale on the cybercrime forum 'BreachForums' by a threat actor named 'LordZeroDay.' The samples provided by the threat actor include names, phone numbers, city of residence, and more.

  • Oct 04, 2024

    • Retail
    • Adobe
    • global
    • vulnerability
    • Global

    Widespread E-commerce Websites Compromised Due to Critical CosmicSting Vulnerability

    Allegedly, 5% of all Adobe Commerce and Magento stores were compromised due to CVE-2024-34102 (also known as a Magecart attack) since its catalog in mid-July 2024. E-commerce sites that were not patched resulted in the potential silent exfiltration of payment card information to threat actors’ command and control (C2) servers. Combined with other vulnerabilities such as CVE-2024-2961 threat actors can also initiate remote code execution (RCE) and install back-door access to servers for persistence access.

  • Oct 04, 2024

    • South-Eastern Asia
    • Toyota Bicutan
    • Ikaruz Red Team
    • Philippines
    • breach

    Toyota Bicutan Philippines Breach by Ikaruz Red Team

    Following the recent attacks on other Toyota branches in the Philippines, another branch got breached - this time by Ikaruz Red Team. The breach was discovered on September 27, 2024, after the threat group posted the breach information in BreachForums. The breached data mainly contain sensitive customer data, including names, vehicle details, service repair information, and billing/transaction data.

  • Oct 04, 2024

    • Medusa - Azpired - Ransom - 2024-09-18
    • ransomware
    • Azpired
    • Philippines
    • Medusa
    • Southern Asia

    Ransomware Attack on Azpired

    Azpired is an outsourcing service center with a number of locations in the Philippines, three offices in Cebu and Cagayan De Oro City. On September 18, 2024, it was discovered that Azpired got hit by a ransomware attack conducted by Medusa Ransomware group. The breach exposed ~200GB worth of sensitive employees and clients data that has already been leaked in several underground forums and channels. The exposed data mainly contains the following: - Employees PIIs, such as identification documents, contact information, and financial records. - Clients PIIs and financial transaction data As of this writing, Azpired still hasn't released any official statement regarding the ransomware attack.

  • Oct 02, 2024

    • Retail
    • Grep
    • Germany
    • Western Europe
    • Sportstech
    • Europe

    Sportstech - Breach - 2024-09-30

    In September 2024, the threat actor "grep" leaked the Sportstech database on a darknet forum following a data breach affecting the German fitness brand. The breach involved the personal information of 44,248 individuals, including names, email addresses, phone numbers, zip codes, countries, states, and registration dates.

  • Oct 02, 2024

    • Erasmus
    • Education
    • exclusive
    • European Union
    • Suspect
    • Europe

    Erasmus+ Database Leaked

    A threat actor with the alias "suspect" posted 230MB of data pertaining to Erasmus+ on Breached Forums. According to the provided sample, the data includes identifiers such as partner ID, id_participant participant ID, names, passwords, email addresses, and more.

  • Sep 26, 2024

    • Grep
    • Europe
    • Healthcare
    • exclusive
    • Md Diamonds
    • United Kingdom

    Breached database of MD Diamonds And Jewellers is leaked on BF

    In a post on Breached Forums, a threat actor named grep shares the breached database of the UK company MD Diamonds And Jewellers. According to the post, the breach occurred in September 2024, and the database he shares contains 2 million lines of contacts, private messages between customers and their data, certificates, and other internal data. A sample of the data is attached to the post. In the post, the TA attributes the attack to himself.

  • Sep 26, 2024

    • Rdp Hijacking
    • Dashoar
    • Manufacturing
    • exclusive
    • Sweden
    • Europe

    RDP access to a Swedish company in the industrial sector is for sale

    A threat actor named "dashoar" is selling unauthorized RDP access to a Swedish company in the industrial machinery and equipment sector for a negotiable price. According to the claim, the targeted company generates an annual revenue of $9.7 billion.

  • Sep 25, 2024

    • Mexico
    • Cobraegyleaks
    • Education
    • exclusive
    • Government
    • Latin America And The Caribbean

    Mexico 130K Lines Combolist exposed

    The threat actor "CobraEgyLeaks, posted on the cybercrime forum known as "BreachForums," an EMAIL:PASS (Username and Password) combo list with over 130K lines. According to the file, the emails are related to multiple government, educational, and private companies from Mexico. Anyone with access to this information could potentially try to brute force into specific websites, putting at risk to the users and relevant companies.

  • Sep 24, 2024

    • Handala
    • Israel
    • Government
    • Asia
    • Middle East

    'Handala' Claims to Have Leaked Internal Emails of Israeli Politician Benny Gantz

    The 'Handala' group claims to have leaked 35,000 internal email correspondences belonging to Israeli politician Benny Gantz. The leak was uploaded to the group's website.

  • Sep 23, 2024

    • 888
    • Tiendup
    • Argentina
    • Latin America And The Caribbean

    Tiendup e-commerce platform Data breach

    The threat actor **888** offered on the cyber crime forum "BreachForums" a potential Database of the e-commerce for digital businesses "TiendUp". According to the threat actor, the file contains more than 47K rows of Order information as well over 300K unique emails. The compromised data includes: First Name, Last Name, Email Address, Phone Number, Date Created, Currency, Total Amount, Promo Code, Payment Status, Payment Method, Delivery Status, Quantity, Price, etc.

  • Sep 22, 2024

    • Народная Cyberармия
    • Liquid Blood
    • exclusive

    People's CyberArmy and Liquid Blood have announced alliance

    In a Telegram post by People's CyberArmy (Russian- Народная CyberАрмия) they announce: "Today we have entered into an alliance with a young but extremely promising team- Liquid Blood. We hope for long and fruitful cooperation." Both are pro-Russian hacktivist groups.

  • Sep 22, 2024

    • Liquid Blood
    • Noname
    • exclusive

    NoName and Liquid Blood have announced a new alliance.

    On their Telegram channel they posted- "The enemy is not slumbering - that's why we must build up our collective cyber fist to fight back the banderites and other evil!" Both of the groups are known for their pro-Russian activities; they have recently been targeting Ukraine, Taiwan, Sweden, France, the UK, South Korea, Australia, and Kenya.

  • Sep 22, 2024

    • Ukraine
    • exclusive
    • Government
    • Europe
    • Ukraine Ministry Of Justice
    • I2Ptard

    Email data for the Ministry of Justice of Ukraine offered for sale

    A post by the threat actor i2ptard on onniforums offers access to an email data belonging to Ukraine's Ministry of Justice (mail.minjust.gov.ua). The seller claims the email follows a specific format based on location and department codes and includes a significant number of files, such as Word documents (docx), PDFs, and some database files (mdb). The account is offered for sale at 1 Monero (XMR), with the TA willing to use escrow for the transaction and provide proof of access by sending an email from the compromised account.

  • Sep 20, 2024

    • Philippines
    • Government
    • breach
    • Philippines Department Of Foreign Affairs (Dfa)

    Alleged Breach on Personal Data of 28 Million Philippine Passport Holders

    The Department of Foreign Affairs (DFA) in the Philippines revealed that the personal data of 28 million passport holders may be compromised due to the national printing office's failure to implement sufficient cybersecurity protections. This issue came to light during a Senate hearing, raising concerns about the security of sensitive information. The DFA is now working to address these vulnerabilities to protect the data of passport holders moving forward.

  • Sep 20, 2024

    • South-Eastern Asia
    • Deathnote Hackers - Government Service Insurance System (Gsis) - Breach / Defacement - 2024-09-12
    • Deathnote Hackers
    • Philippines
    • Government
    • Asia
    • breach
    • Government Service Insurance System (Gsis)

    Government Service Insurance System (GSIS) Breach by DeathNote Hackers

    On September 12, 2024, DeathNote Hackers revealed that they breached the Government Service Insurance System (GSIS), accessing its system using an administrator account without detection. They manipulated modules and apps, pointing out that the IT department failed to notice any red flags. This highlights serious vulnerabilities in GSIS's security and monitoring systems. The hackers warned that if this had been a malicious attack, the damage could have been significant. They emphasized the importance of addressing these security gaps to prevent future exploitation, especially from more dangerous actors. The incident calls for an urgent review of GSIS's cybersecurity defenses.

  • Sep 19, 2024

    • Handala
    • Israeli Industrial Batteries
    • Israel
    • Asia
    • Middle East

    'Handala' Claims Breach of Israeli Producer of Industrial Batteries 'IIB'

    The hacker group 'Handala' claims to have breached 'IIB' (Israeli Industrial Batteries), a producer of industrial batteries, as part of their OPIsrael campaign. According to the group, they obtained 6 TB of sensitive data, including emails, financial and administrative documents, design files, and more, though no samples have been provided yet.

  • Sep 19, 2024

    • Handala
    • Israel
    • Asia
    • Middle East
    • Vidisco X-Ray

    'Handala' Claims Breach of Israeli Defense and Space Manufacturer 'Vidisco X-ray'

    The hacker group 'Handala' claims to have breached the Israeli defense and space manufacturer 'Vidisco X-ray,' which they allege collaborates with the Israeli Ministry of Defense, as part of their OPIsrael campaign. According to the group, they obtained 10 GB of confidential company information, including design and development documents. They have also released samples of the purportedly breached data.

  • Sep 18, 2024

    • Mimichan
    • Argentina
    • Club Atlético Vélez Sarsfield
    • Latin America And The Caribbean

    Database of Velez Sarsfield Club members for sale

    The threat actor MimiChan is offering for sale on the cyber crime forums know as "BreachForums" a database of over 180K members of the Football club Club Atletico Velez Sarsfield. According to the threat actor, the database includes personal information such as member status, ID, alias, full name, address, phone, CUIT, Picture, etc. A sample with a potential proof of access was also shown. No specific selling price was posted.

  • Sep 18, 2024

    • India
    • Sorb
    • Bharat Petroleum
    • Energy
    • Asia
    • Southern Asia

    A Threat Actor Claims To Have Breached Fortune 500 Company Bharat Petroleum

    On September 3, 2024, the threat actor "Sorb" claimed to have breached Bharat Petroleum, a service for purchasing and delivering bottled gas. According to the threat actor, the dataset comprises 592 CSV tables totaling 143 gigabytes, with the main orders table containing 148 million rows, including 21 million unique entries. The compromised data includes personal information such as phone numbers, names, delivery addresses, and additional details related to delivery, payment, and order lists. The data is being offered for $1,500.

  • Sep 17, 2024

    • Retail
    • United States
    • Aerodactyl
    • North America
    • Temu

    Threat Actor Claims To Have Breached Temu And To Have Stolen 87 million Records

    On September 16, 2024, the threat actor "Aerodactyl" announced that a database from the company Temu is up for sale. According to the threat actor, this database, which was accessed via a subdomain contains over 87 million lines of data. The sample provided includes various personal details such as names, addresses, phone numbers, and more.

  • Sep 17, 2024

    • N1K7
    • Taiwan
    • Asia
    • 303
    • Chunghwa Telecom
    • Telecommunications
    • Eastern Asia

    Threat Actors Claim To Have Breached Taiwan's Biggest Telecommunications Company - Chunghwa Telecom

    In September 2024, the threat actors "303" and "N1k7" claimed to have breached Chunghwa Telecom, a Taiwan-based Telecommunications company, and to have gained access to its database. According to the threat actor, 400GB of data belonging to Chunghwa Telecom's customers, including sensitive information and documents, was taken.

  • Sep 16, 2024

    • United States
    • North America
    • Manufacturing
    • Zerosevengroup
    • Caterpillar

    Threat Actors Claim To Have Exfiltrated 80 GB Of Data Belonging To Caterpillar

    In September 2024, the threat actor group ZeroSevenGroup claimed to have breached CAT (Caterpillar Inc.), alleging the theft and release of 80GB of data. This purportedly includes sensitive information such as projects, employee and customer details, financial records, engine and machinery designs, and email communications.

  • Sep 15, 2024

    • Israel
    • Zerosevengroup
    • Asia
    • Middle East
    • Government

    Database of Israeli Defense Companies Offered for Sale on a Cyber Crime Forum

    The threat actor group “ZeroSevenGroup" offers for sale a database allegedly related to several Israeli companies from the defense sector. According to the group, the database contains confidential governmental information, such as contracts from secret meetings with governments and companies, reports on organizations purportedly tied to Israel, and sensitive data on diplomatic and military relations, defense technologies, airports, ports, etc. The database is priced at 200K XMR (Monero) and is allegedly being offered exclusively to seven entities: Hamas, Hezbollah, Houthis, the Iranian government, Kata'ib Hizballah, the Russian government, North Korean government, and Chinese government.

Ready to
experience hyper-relevance?

See Argos Edge in action!

Schedule a demo

Uncover your compromised credentials from the deep and dark web

Fill in your business email to start