At a glance.
- TeamViewer attributes breach to APT29.
- Microsoft provides updates on Midnight Blizzard email hack.
- Children’s Hospital of Chicago breach affected 791,000 individuals.
- Malware distribution campaign deploys "cluster bomb" of information-stealers.
TeamViewer attributes breach to APT29.
Remote access software provider TeamViewer is investigating a breach of its internal corporate IT environment, the Record reports. The company said in an update this morning, "Current findings of the investigation point to an attack on Wednesday, June 26, tied to credentials of a standard employee account within our Corporate IT environment. Based on continuous security monitoring, our teams identified suspicious behavior of this account and immediately put incident response measures into action. Together with our external incident response support, we currently attribute this activity to the threat actor known as APT29 / Midnight Blizzard. Based on current findings of the investigation, the attack was contained within the Corporate IT environment and there is no evidence that the threat actor gained access to our product environment or customer data."
The Health Information Sharing and Analysis Center (H-ISAC) issued a threat bulletin yesterday "alerting the health sector to active cyberthreats exploiting TeamViewer." The Record also notes that cybersecurity firm NCC Group notified its customers that it "has been made aware of significant compromise of the TeamViewer remote access and support platform by an APT group."
Microsoft provides updates on Midnight Blizzard email hack.
Microsoft is notifying additional customers whose email correspondence with Microsoft was accessed by the Russian threat actor Midnight Blizzard, Engadget reports. Microsoft stated, "This week we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor. This is increased detail for customers who have already been notified and also includes new notifications."
Children’s Hospital of Chicago breach affected 791,000 individuals.
The Ann & Robert H. Lurie Children’s Hospital of Chicago is notifying 791,000 people that their personal and medical information was accessed during a January ransomware attack, SecurityWeek reports. The hospital said in a breach notification that it refused to pay a ransom, and the Rhysida ransomware group subsequently marked the stolen data dump as "sold" on its website. SecurityWeek says the breached information includes "name, address, date of birth, dates of service, driver’s license number, Social Security number, email address, phone number, health claims information, medical condition or diagnosis, medical record number, medical treatment, and prescription information."
Malware distribution campaign deploys "cluster bomb" of information-stealers.
Outpost24 has published a report on a malware distribution campaign that's spreading "hundreds of thousands of malware samples, infecting each victim with up to ten of them at the same time." The campaign is run by a suspected criminal group based in Eastern Europe, which is likely providing the distribution operation as a service for numerous malware operators. The researchers believe the threat actor is paid per infection and is attempting to "spread as much malware as possible to as many victims as possible." The malware is distributed via phishing emails and malware loaders. Once the initial file is executed on a machine, it "unfurls" by installing up to ten strains of information-stealing malware.