Citing sources at Mandiant, Bloomberg reports that DarkSide ransomware operators gained access to Colonial Pipeline's networks on April 29th through a deactivated, disused virtual private network (VPN) account. The attackers are believed to have found the password in a batch of credentials posted to the dark web. It's unclear whether they obtained the username in a similar fashion or arrived at it by guessing. Mandiant's investigation found no evidence of phishing, although it doesn't discount the possibility of password reuse. The investigators saw no signs of an attack earlier than the 29th.
Reuters reports that German financial tech company Fiducia & GAD IT AG, provider of online services for more than eight hundred financial institutions, sustained a distributed denial-of-service attack on Thursday and Friday. Its effects were felt by the cooperative banks that use the company's IT services. After Thursday's disruptions, Fiducia & GAD says it was able to mitigate subsequent waves.
Anonymous may have resurfaced. Coindesk and others report that a video representing itself as coming from the anarchist collective denounces Elon Musk for effectively trolling cryptocurrency users, damaging their investments and "ruining lives."
As Presidents Biden and Putin prepare for their June 16th summit, the US increasingly regards ransomware as a national security crisis, the Washington Post reports. TASS quotes the Russian Foreign Ministry to the effect that the cyber tension between the US and Russia comes down to a failure to communicate, the US having yet to take President Putin up on his offer of "full cooperation."