At a glance.
- Scattered Spider shifts targeting to the US insurance sector.
- Water Curse distributes malware via weaponized GitHub repositories.
- United Natural Foods continues recovery from cyberattack.
Scattered Spider shifts targeting to the US insurance sector.
Researchers at Google warn that the Scattered Spider cybercriminal group is now launching ransomware and extortion attacks against entities in the US insurance industry, following a wave of attacks against the UK's retail sector, CyberScoop reports. John Hultquist, chief analyst at Google Threat Intelligence Group, said the threat actor has "a habit of working their way through a sector." Hultquist added, "Given this actor’s history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers."
CyberScoop notes that Pennsylvania-based Erie Insurance disclosed a disruptive cyber incident last week, though the firm hasn't shared details on the incident.
Water Curse distributes malware via weaponized GitHub repositories.
Trend Micro has published a report on a new threat actor dubbed "Water Curse" that's using weaponized GitHub repositories to deliver malware. The malware is designed to exfiltrate data, provide remote access, and maintain long-term persistence on infected systems. Water Curse appears to be financially motivated, and has been active since March 2023.
Trend Micro notes, "Water Curse primarily targets red teams and penetration testers, developers, and gamers, reflecting a hybrid strategy that blends supply chain compromise with opportunistic exploitation across digital communities. While global in scope, the group’s operations are characterized by English-language artifacts, widespread GitHub-based delivery, and generalized victim base that spans multiple geographies."
United Natural Foods continues recovery from cyberattack.
North American grocery supplier United Natural Foods (UNFI) has made "significant progress" toward restoring its online ordering systems following a disruptive cyberattack that occurred on June 5th. The company said in an update on Sunday, "We are also using alternative processes to ensure our customers receive the products they need while we continue making progress to restore our technology capabilities."
TechCrunch notes that UNFI is the primary distributor for Whole Foods, and numerous Whole Foods stores are experiencing shelf shortages.
UNFI hasn't shared details on the nature of the attack.