The Rhysida ransomware gang has allegedly breached the network of the Chilean Army and leaked online what it claims are stolen documents. Following a security incident detected at the end of May, the Chilean Army confirmed the impact on its systems and isolated the network while recovery efforts began.
The cybercriminals behind Rhysida have published 30% of the allegedly stolen data on their data leak site, stating that they possess even more information. This recent attack adds to the growing list of victims targeted by the Rhysida ransomware group.
Operating under the guise of a “cybersecurity team,” Rhysida has been actively targeting victims using phishing attacks and deploying their custom-built malware. The gang primarily utilizes Cobalt Strike or similar command-and-control frameworks to compromise systems.
Samples of their malware indicate that it is still in development and lacks certain features commonly found in other ransomware strains. However, the threat actors make up for this with their modern multi-extortion approach, threatening victims with the public distribution of exfiltrated data.
The breach of the Chilean Army’s network prompted the involvement of the country’s Computer Security Incident Response Team (CSIRT) and the Ministry of National Defense. In response to the incident, an Army corporal was arrested and charged for his involvement in the ransomware attack.
The leaked documents and the ongoing threat posed by the Rhysida ransomware gang highlight the critical need for robust cybersecurity measures to safeguard sensitive information and protect organizations against increasingly sophisticated cyber threats.
As the investigation and recovery efforts continue, it is crucial for organizations and individuals alike to remain vigilant against phishing attempts and strengthen their overall cybersecurity posture. Ransomware attacks, such as the one carried out by Rhysida, pose a significant risk to data integrity and can result in severe financial and reputational damage.