Weekly Cybersecurity Report | Week 1, 2024

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a comprehensive overview of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.


1 – A pro-Hamas cyber group claims a cyber attack on Elon Musk’s SpaceX in retaliation for his support for Israel, threatens ‘cyber war’ against the US and Europe 

On December 15, 2023, a pro-Hamas hacking group claimed to have carried out a cyber attack on SpaceX, owned by entrepreneur Elon Musk, in retaliation for Musk’s support of Israel in the ongoing Israel-Hamas war. 

During a visit to Israel in late November, Musk met with Israeli Prime Minister Benjamin Netanyahu and toured an Israeli community that was attacked by Hamas on October 7. On Telegram, the hacking group published “Part One of the SpaceX Leaks”, an Excel file containing the names and email addresses of 12,529 SpaceX employees. 

 https://www.memri.org/cjlab/pro-hamas-cyber-group-claims-cyber-attack-elon-musks-spacex-retaliation-his-support-israel 

2 – Kraft Heinz has confirmed that their systems are working normally and that there is no evidence that they were hacked after an extortion group listed them on a data leak site. 

The company is one of the largest food and beverage companies in the world, with over 37,000 employees operating out of 40 countries. The company owns many well-known brands, including Oscar Mayer, Kool-Aid, Philadelphia, Lunchables, Maxwell House, and many more. 

In a post to the Snatch Group data leak site from August 16, the threat actors claim to have hacked Kraft Heinz. 

https://www.bleepingcomputer.com/news/security/kraft-heinz-investigates-hack-claims-says-systems-operating-normally/ 

3 – The Indian technology giant HCL reports that it is suffering from a ransomware attack. 

In a report published by the company to the stock exchange in India, it states that because of the attack, it had to disconnect some of the systems from the network, but business activities continue as usual. 

HCL is one of the largest technology companies in the world, employing 225,000 people in 52 countries. 

At this point, no ransomware group has claimed responsibility for the attack.

4 – VF Corporation, responsible for brands such as Vans, Timberland, North Face and more, is suffering from a ransomware attack. 

In the report published by the company to the stock exchange, it states that the attackers stole information and succeeded in encrypting some of the servers. 

The company also reports that disruptions will be felt in business activity until recovery from the incident. 

VF Corporation employs approximately 35,000 people and its annual revenues are ~11.6 billion dollars. 

5 – Iran: A cyber attack shut down dozens of gas stations in the capital. 

Officials in the Iranian opposition reported an extensive cyber attack on a variety of targets in the country, and a newspaper affiliated with the reformist camp reported long queues for fuel and various disturbances in Tehran.

The Shargh newspaper, which is affiliated with the reformist camp, also reported long lines at the gas stations that remained active. It was also reported that traffic lights were disrupted in various neighborhoods. The newspaper said that the authorities are investigating the cause of the disturbances and did not mention that it was a cyber attack.

The country’s state television reported on “disruption of service at several gas stations in Tehran” and refrained from stating a reason for the incident. However, sources associated with the opposition reported that it was indeed a cyber attack that affected several different government services. 

https://www.israelhayom.co.il/news/world-news/middle-east/article/14966501 

6 – MongoDB reports that an unauthorized party managed to access customer information. 

At this stage the company claims that the disclosed information includes metadata and customer contact details. 

In the notice that the company published, it states that the attacker was identified on 13.12, but apparently the attacker spent some time on the network before being identified.

7 – The company ESO Solutions, which provides systems and services to healthcare organizations, reports that due to a ransomware attack, information of 2.7 million patients was leaked.

The company claims that the attack began in September and the identification of the information leak occurred in October. 

“We have taken all reasonable steps to prevent the leaked data from being published”… 

No ransomware group has claimed responsibility for the attack and the company’s wording smells like a ransom payment.

8 – The Black Basta group claims to have hacked into the Israeli company Navitas and that it holds 330GB of information, including sensitive information.

Navitas Petroleum is an Israeli limited partnership engaged in the exploration and development of oil and natural gas assets in Canada and in the Gulf of Mexico region of the United States. The company is traded on the Tel Aviv Stock Exchange.

The deadline for paying the ransom is next week. 

9 – The communications company Xfinity reports a leak of customer information after attackers managed to penetrate the corporate network by exploiting a vulnerability in a Citrix product.

The company, which provides internet, television and telephone services, claims that the attackers managed to steal, among other things, sensitive information and that following the attack it was forced to proactively reset customers’ passwords.

Please note that the company states that the attackers were in the network from 10.16.

That is, a week after a patch for the vulnerability in question (CitrixBleed) had already been released.

Attackers don’t waste time; make sure to update systems as early as possible.

10 – The central bank in the country of Lesotho in South Africa is suffering from a cyber attack that broadly affects the bank’s services. 

Following the attack, which began earlier this week, the bank had to disable several systems and services. In a later announcement it was reported that it is not possible to make money transfers between local banks. 

At this point it is not known which group is responsible for the attack.

11 – The company Asper Biogene, which deals with the detection of hereditary diseases, reports that sensitive information of about 10,000 customers was leaked. 

According to the company, among the stolen information is also information that includes genetic tests. 

12 – The largest dental insurance company in the US, Delta Dental, reports that information of about 7 million customers was leaked.

In a report published by the company, it confirms that the information was stolen by exploiting the vulnerability in the MOVEit system (remember?) and that the attackers (the CL0P group) were able to access sensitive customer information, including medical information.

13 – Customers of the Ubiquiti company report that the system revealed to them information belonging to other customers. 

Online reports indicate that users were able to view the cameras of other customers and even received alerts if suspicious movements were detected on those cameras. 

The company responded that due to faulty settings during an upgrade performed by the company, information of a certain group of customers was exposed to another group of customers. 

14 – The Electric Company of Serbia, EPS, is under an unprecedented cyber attack.

Elektroprivreda Srbije (EPS) is the third energy company in the Southeast European region to face a cyber attack or the threat of a cyber attack during the last 16 months. Slovenia’s Holding Slovenske Elektrarne (HSE) was in a similar situation at the end of November, while Montenegro’s Elektroprivreda Crne Gore (EPCG) faced cyber threats in August last year. 

EPS is recovering from an unprecedented crypto attack, which did not endanger production or electricity supply, and all electricity trading activities were conducted smoothly and in line with the company’s obligations, EPS said in a press release.

All safeguards have been taken to protect the system and protect information security. 

For security reasons, the IT systems have been taken out of operation until the experts can be sure that the attacker has been eliminated, the company emphasized. 

https://balkangreenenergynews.com/serbias-power-utility-eps-under-unprecedented-hacker-attack/ 

 

The attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business you need the right protection. Cyberone is here to help! Check out our services.