At a glance.
- FBI disrupts Radar/Dispossessor ransomware operation.
- South Korean government says North Korean hackers stole tank and spy plane information.
- Orion SA loses $60 million to scammers.
FBI disrupts Radar/Dispossessor ransomware operation.
The US Federal Bureau of Investigation has disrupted the Radar/Dispossessor ransomware operation, working with law enforcement in the UK and Germany to dismantle "three U.S. servers, three United Kingdom servers, 18 German servers, eight U.S.-based criminal domains, and one German-based criminal domain." The group has been active since August 2023, hitting at least 43 victims around the world.
The Bureau stated, "Since its inception in August 2023, Radar/Dispossessor has quickly developed into an internationally impactful ransomware group, targeting and attacking small-to-mid-sized businesses and organizations from the production, development, education, healthcare, financial services, and transportation sectors. Originally focused on entities in the United States, the investigation discovered 43 companies as victims of the attacks, from countries including Argentina, Australia, Belgium, Brazil, Honduras, India, Canada, Croatia, Peru, Poland, the United Kingdom, the United Arab Emirates, and Germany."
South Korean government says North Korean hackers stole tank and spy plane information.
The South Korean government says North Korean hackers stole sensitive information on South Korea's tanks and spy planes, BleepingComputer reports. The spy plane data was reportedly stolen from a South Korean defense contractor that produces operating manuals for military equipment. BleepingComputer cites local media reports as saying that "the leakage of the K2 tank data occurred when engineers working on one of the tank's part makers moved to a competing company, taking along with them in external storage drives design blueprints, development reports, and details about the tank's overpressure system."
Orion SA loses $60 million to scammers.
Luxembourg-based chemicals company Orion SA has disclosed that it lost $60 million to a wire fraud scheme, The Register reports. The company didn't specify details of the attack, but The Register notes that the description suggests it was a business email compromise (BEC) attack.
The company said in a filing with the US SEC, "[A] Company employee, who is not a Named Executive Officer, was the target of a criminal scheme that resulted in multiple fraudulently induced outbound wire transfers to accounts controlled by unknown third parties. As a result of this incident, and if no further recoveries of transferred funds occur, the Company expects to record a one-time pre-tax charge of approximately $60 million for the unrecovered fraudulent wire transfers. The Company has cooperated, and will continue to cooperate, with law enforcement as appropriate, and intends to pursue recovery of these funds through all legally available means, including potentially available insurance coverage. To date, the Company has not found any evidence of additional fraudulent activity and currently does not believe the incident resulted in any unauthorized access to data or systems maintained by the Company."