This Week in Cybersecurity: April 22 – April 26, UnitedHealth Group Pays Ransom

Written by Mitchell Langley

April 29, 2024

This Week in Cybersecurity: April 22 – April 26, UnitedHealth Group Pays Ransom

UnitedHealth Group Pays Ransom, Hackers leak Code of El Salvador’s Chivo Wallet, Volkswagen Breached, Synlab Italia hit by ransomware, Frontier Communications Cyberattack Disrupts IT Systems

UnitedHealth Group Confirms Ransom Payment

UnitedHealth acknowledged it paid ransom to BlackCat/ALPHV to prevent leak of 6TB patient data stolen in February’s Optum attack. As services were disrupted, “Notchy” joined RansomHub to extort UnitedHealth again by leaking screenshots. To safeguard further exposure, UnitedHealth paid the ransom to RansomHub to remove it from their list. Read more

Source Code for Chivo Bitcoin Wallet Leaked

Hackers leaked source code and documentation for Chivo, El Salvador’s official bitcoin wallet, revealing backend operations details and sensitive customer data. Hackers can now exploit potential vulnerabilities in how the wallet handles funds, authenticate users, and interact with the network as they wish. Read more

Volkswagen Records Stolen in Chinese Hack

A five-year Chinese state-backed hack of Volkswagen extracted over 19,000 documents on engines, transmissions and electric vehicles. Attackers infiltrated networks to repeatedly steal valuable intellectual property between 2010-2015 by accessing internal documents and engineering records. Read more

APT28 Targets Windows Print Spooler

Microsoft warned that the state-backed hacking group APT28 is using a new tool called GooseEgg since June 2023 to exploit a Windows Print Spooler vulnerability, enabling elevation of privileges for unauthorized accessing of networks and stealing of credentials. Read more

Synlab Italy Services Halted by Ransomware

A ransomware attack on April 18th forced the shutdown of Synlab Italy’s IT systems, temporarily stopping diagnostic laboratory work and testing services. Concerns arose that sensitive patient medical records stored on networks were exposed during the compromise. Read more

Frontier Communications Networks Breached

A cyberattack at Frontier Communications gave hackers access to customer PII. To contain the incident, certain systems were shut down, disrupting applications and causing support phone numbers to provide only pre-recorded messages rather than connecting to agents. Read more

eScan Users Targeted to Install Miners

North Korean hackers took advantage of eScan antivirus update mechanism to covertly deploy the GuptiMiner malware and backdoors, harvesting crypto using users’ machines. The malware established persistent hidden access and monitored and stopped security tools before extracting additional payloads. Read more

Cisco Firewalls Exploited for Government Spying

A state-sponsored hacking group breached government networks since November 2023 by abusing two leaked Cisco firewall weaknesses. Sophisticated espionage tools installed via the zero-days allowed long-term monitoring of network activity, config changes and data theft from compromised agencies worldwide. Read more

Related Articles

Stay Up to Date With The Latest News & Updates

Join Our Newsletter


Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!