This Week in Cybersecurity: April 22 – April 26, UnitedHealth Group Pays Ransom

Written by Mitchell Langley

April 29, 2024

UnitedHealth Group Pays Ransom, Hackers Leak Code of El Salvador’s Chivo Wallet, Volkswagen Breached, Synlab Italia Hit by Ransomware, Frontier Communications Cyberattack Disrupts IT Systems

UnitedHealth Group Confirms Ransom Payment

UnitedHealth acknowledged it paid a ransom to BlackCat/ALPHV to prevent the leak of 6TB of patient data stolen in February’s Optum attack. As services were disrupted, “Notchy” joined RansomHub to extort UnitedHealth again by leaking screenshots. To safeguard against further exposure, UnitedHealth paid the ransom to RansomHub to remove it from their list.

Source Code for Chivo Bitcoin Wallet Leaked

Hackers leaked source code and documentation for Chivo, El Salvador’s official bitcoin wallet, revealing details of backend operations and sensitive customer data. Hackers can now exploit potential vulnerabilities in how the wallet handles funds, authenticates users, and interacts with the network as they wish.

Volkswagen Records Stolen in Chinese Hack

A five-year Chinese state-backed hack of Volkswagen extracted over 19,000 documents on engines, transmissions and electric vehicles. Attackers infiltrated networks to repeatedly steal valuable intellectual property between 2010 and 2015 by accessing internal documents and engineering records.

APT28 Targets Windows Print Spooler

Microsoft warned that the state-backed hacking group APT28 has been using a new tool called GooseEgg since June 2023 to exploit a Windows Print Spooler vulnerability, enabling privilege elevation for unauthorized network access and credential theft.

Synlab Italy Services Halted by Ransomware

A ransomware attack on April 18th forced the shutdown of Synlab Italy’s IT systems, temporarily stopping diagnostic laboratory work and testing services. Concerns arose that sensitive patient medical records stored on networks were exposed during the compromise.

Frontier Communications Networks Breached

A cyberattack at Frontier Communications gave hackers access to customer PII. To contain the incident, certain systems were shut down, disrupting applications and causing support phone numbers to provide only pre-recorded messages rather than connecting to agents.

eScan Users Targeted to Install Miners

North Korean hackers took advantage of the eScan antivirus update mechanism to covertly deploy the GuptiMiner malware and backdoors, harvesting cryptocurrency using users’ machines. The malware established persistent hidden access and monitored and stopped security tools before extracting additional payloads.

Cisco Firewalls Exploited for Government Spying

A state-sponsored hacking group has breached government networks since November 2023 by abusing two leaked Cisco firewall weaknesses. Sophisticated espionage tools installed via the zero-days allowed long-term monitoring of network activity, config changes and data theft from compromised agencies worldwide.
