Many have long believed that Russian cybercriminals tend to operate at the Russian government's sufferance, but Truesec reports that it's found evidence that the gangs may also be working for the state. Specifically, there are signs that EvilCorp is operating under the security organs' direction. According to Radio Free Europe | Radio Liberty, similar evidence is emerging in the New York trial of an alleged Methbot ringleader.
The US Cybersecurity and Infrastructure Security Agency (CISA) yesterday published an Analysis Report on the FiveHands ransomware campaign. "Threat actors used publicly available penetration testing and exploitation tools, FiveHands ransomware, and SombRAT remote access trojan (RAT), to steal information, obfuscate files, and demand a ransom from the victim organization," the report says.
Scripps Health in Southern California is still recovering from the cyberattack it sustained last weekend, KPBS reports. The medical system is using workarounds as it continues to deliver care, and says that patient safety is uncompromised, but scheduling and other IT-dependent functions continue to see disruption.
British consumer advocacy organization Which? (sic) says that thousands of UK households are using outdated and vulnerable home routers.
ZDNet reports that a European biomolecular research institute lost a week's worth of data to a Ryuk ransomware infestation. The ransomware found its way in courtesy of a student who was looking for a free version of visualization software and settled for a cracked version. The cracked copy executed a Trojan on the student's device, and the Trojan stole RDP credentials. The attackers then used their stolen access to install Ryuk.