We've done it, we've made it to summer! The days are longer, the weather is warmer, and the Queens are looking forward to an action-packed summer, with of course time to wind down as well...
As always, lots has happened in Security Queens HQ...
Sophia was recently featured as a role model for the UK Cyber Security Council; you can read about her profile here.
Sophia & Sarah also helped host another wonderful Ladies of Cheltenham Hacking event last week, a physical security special which went down a treat with all the attendees! We'd like to say another massive thank you to the sponsor of the night, Digital Woof, and if you wish to join us next time keep an eye on our Meetup page for future events.
Moving onto industry news, this month oil and gas giant Shell confirmed it was impacted by a Clop ransomware attack. The ransomware gang breached the company through the third-party MOVEit file transfer tool and listed the multinational oil and gas company on their extortion site. This is the second time that Shell has been hit by an attack by the Clop group targeting a file transfer service.
Researchers have uncovered a phishing campaign which infects Russian-speaking Enlisted gamers with fake WannaCry ransomware. Hackers have used a fake website closely resembling the game Enlisted to distribute the ransomware via a legitimate game installer. The ransomware has adopted the name WannaCry 3.0 and used the wncry file extension for encrypting files, although it is not a genuine variant of WannaCry.
Over 100,000 ChatGPT accounts have been found for sale on the dark web, including chat logs and query history. Singapore-based threat intelligence outfit Group-IB had found the ChatGPT credentials, with most logs breached using the Raccoon info stealer.
A ransomware gang has revealed to Reddit that it stole 80GB of data, and is demanding a $4.5 million ransom. The ALPHV ransomware gang is also demanding a halt to the company's plan to charge for API access as well as the monetary ransom, or threatens to leak the data. The hack is presumed to have been the result of a breach that happened back in February, with ALPHV/Blackcat continually trying to extort Reddit over recent months. “Reddit was emailed twice by operators, once on April 13 and one again on June 16,” the group claimed. “There was no attempt to find out what we took.”
In the aviation space, American Airlines and Southwest Airlines have disclosed data breaches that have affected pilots. The two airlines disclosed that the data breaches were caused by a hack of Pilot Credentials, a third-party vendor that manages multiple airlines' pilot applications and recruitment portals. Both airlines were informed of the Pilot Credentials incident on May 3, which was limited solely to the systems of the third-party vendor, with no compromise or impact on the airlines' own networks or systems.
A Chinese nation-state actor has started using never-before-seen tactics in critical national infrastructure attacks. The newly discovered Chinese nation-state actor known as Volt Typhoon has been observed to be active in the wild since at least mid-2020, with the hacking crew linked to never-before-seen tradecraft to retain remote access to targets of interest. The findings come from CrowdStrike, which is tracking the adversary under the name Vanguard Panda. Volt Typhoon, also known as Bronze Silhouette, is a cyber espionage group from China that's been linked to network intrusion operations against the U.S. government, defense, and other critical infrastructure organisations.
And finally, hackers have attacked a Russian telecom provider and claimed affiliation with the Wagner Group. The hackers claimed to have targeted Dozor, a satellite telecommunications provider that services power lines, oil fields, Russian military units and the Federal Security Service (FSB). The attackers have also released nearly 700 files associated with the attack.
As always you can find our most recent posts below...
Lots of love,
The Security Queens xxx