Ransomware updates: TrueBot, Cl0p, and Royal. Iranian cyberattacks. An update on the cyberattack against the Met. Notes on the hybrid war, with a focus on allies and outside actors.
TrueBot found in Cl0p ransomware attacks. Royal ransomware targets the healthcare sector. Recent Iranian cyber activity. A night at the opera: an update on the cyberattack against the Metropolitan Opera. New Cloud Atlas activity reported. Europe looks to the cybersecurity of its power grid. Rob Boyce from Accenture describes Dark web actors diversifying their toolsets. Rick Howard explains fractional CISOs. And international support for Ukrainian cyber defense continues, more extensively and increasingly overt.
Breaking the silence - Recent Truebot activity (Cisco Talos Blog)
TrueBot infections were observed in Clop ransomware attacks (Security Affairs)
Clop ransomware uses TrueBot malware for access to networks (BleepingComputer)
Royal Ransomware (US Department of Health and Human Services)
US Dept of Health warns of ‘increased’ Royal ransomware attacks on hospitals (The Record by Recorded Future)
New MuddyWater Campaign Uses Legitimate Remote Administration Tools to Deploy Malware (Cyber Security News)
Cyberattack disrupts Metropolitan Opera (SC Media)
Cloud Atlas targets entities in Russia and Belarus amid the ongoing war in Ukraine (Check Point Research)
APT Cloud Atlas: Unbroken Threat (Positive Technologies)
European Electricity Sector Lacks Cyber Experts as Ukraine War Raises Hacking Risks (Wall Street Journal)
The Australian company training Ukrainian veterans in cybersecurity (Australian Financial Review)