
Palo Alto Networks warns of costly VPN zero-day attack; Healthcare breach costs $872 million



TLDR:

  • Microsoft report on foreign influence operations in 2024 US elections.
  • Palo Alto Networks discloses critical VPN zero-day vulnerability.
  • RansomHub leaks data allegedly stolen in Change Healthcare attack.
  • Change Healthcare ransomware attack costs UnitedHealth Group $872 million.
  • Mandiant ties OT attacks to Russia’s GRU; Ukraine-linked hackers deploy ICS malware against a Russian infrastructure company.
  • Cyberattack hits New York State Legislature office.

At a glance, Microsoft’s report highlights foreign influence operations targeting the 2024 US elections, with Russia focusing on Ukraine and China exploiting societal divisions. Palo Alto Networks disclosed a critical zero-day vulnerability affecting its GlobalProtect VPN product, with potential exploitation by threat actors. RansomHub has started leaking data from the Change Healthcare attack, which has cost UnitedHealth Group $872 million. Mandiant linked OT attacks to Russia’s GRU, and Ukraine-linked hackers deployed ICS malware against a Russian infrastructure company. A cyberattack also hit the New York State Legislature office, affecting budget activities.

Full Article:

Microsoft recently published a report on foreign influence operations targeting the 2024 US elections. The report highlighted efforts by Russia to undermine U.S. support for Ukraine and by China to exploit societal polarization. Microsoft found that Russia, China, and Iran are using generative AI to support their influence campaigns. Separately, CISA, FBI, and ODNI issued an advisory on election interference by China, Russia, and Iran.

Palo Alto Networks disclosed a critical zero-day vulnerability in its GlobalProtect VPN product. The vulnerability allows attackers to execute arbitrary code with root privileges. Volexity researchers identified a threat actor exploiting the flaw and creating a reverse shell on affected devices.

RansomHub has begun leaking data allegedly stolen during the Change Healthcare attack, where the ALPHV/Blackcat ransomware gang demanded a $22 million ransom. UnitedHealth Group revealed that the attack has cost the company $872 million so far, with costs expected to exceed $1 billion by year-end.

Mandiant tied OT attacks to Russia’s GRU, specifically the Sandworm group, now tracked as “APT44.” Various global cyber operations have been attributed to this group, which has also collaborated with hacktivist groups in attacks against OT systems. Ukraine-linked hackers also deployed ICS malware against a Russian infrastructure company, causing damage to remote sensors and IoT devices.

Lastly, a cyberattack hit the New York State Legislature office, disrupting activities related to enacting the state budget. Separately, Cisco Talos warned of a surge in brute-force attacks against VPN services, web application authentication interfaces, and SSH portals, originating from TOR exit nodes and other anonymizing tunnels.

