This Week in Cybersecurity: April 22 – April 26, UnitedHealth Group Pays Ransom


UnitedHealth Group Pays Ransom, Hackers Leak Code of El Salvador’s Chivo Wallet, Volkswagen Breached, Synlab Italia Hit by Ransomware, Frontier Communications Cyberattack Disrupts IT Systems

UnitedHealth Group Confirms Ransom Payment

UnitedHealth acknowledged that it paid a ransom to BlackCat/ALPHV to prevent the leak of 6 TB of patient data stolen in February’s Optum attack. As services remained disrupted, the affiliate known as “Notchy” joined RansomHub and attempted to extort UnitedHealth a second time by leaking screenshots of the stolen data. To prevent further exposure, UnitedHealth paid RansomHub to remove it from the group’s leak list.

Source Code for Chivo Bitcoin Wallet Leaked

Hackers leaked the source code and documentation for Chivo, El Salvador’s official bitcoin wallet, revealing details of its backend operations and sensitive customer data. With the code public, attackers can study how the wallet handles funds, authenticates users, and interacts with the network, and search for exploitable vulnerabilities in each of those areas.

Volkswagen Records Stolen in Chinese Hack

A five-year Chinese state-backed intrusion at Volkswagen extracted over 19,000 documents on engines, transmissions and electric vehicles. Between 2010 and 2015 the attackers maintained access to internal networks and repeatedly stole valuable intellectual property from internal documents and engineering records.

APT28 Targets Windows Print Spooler

Microsoft warned that the state-backed hacking group APT28 has been using a new tool called GooseEgg since June 2023 to exploit a Windows Print Spooler vulnerability. The exploit lets the group elevate privileges, gain unauthorized access to networks, and steal credentials.

Synlab Italy Services Halted by Ransomware

A ransomware attack on April 18th forced the shutdown of Synlab Italy’s IT systems, temporarily halting diagnostic laboratory work and testing services. Concerns arose that sensitive patient medical records stored on the company’s network were exposed during the compromise.

Frontier Communications Networks Breached

A cyberattack at Frontier Communications gave hackers access to customer PII. To contain the incident, certain systems were shut down, disrupting applications and leaving support phone numbers playing only pre-recorded messages rather than connecting callers to agents.

eScan Users Targeted to Install Miners

North Korean hackers abused the eScan antivirus update mechanism to covertly deploy the GuptiMiner malware and backdoors, mining cryptocurrency on victims’ machines. The malware established persistent, hidden access and monitored for and disabled security tools before retrieving additional payloads.

Cisco Firewalls Exploited for Government Spying

A state-sponsored hacking group has breached government networks since November 2023 by abusing two Cisco firewall zero-day vulnerabilities. Sophisticated espionage tools installed via the zero-days enabled long-term monitoring of network activity, configuration changes and data theft from compromised agencies worldwide.
