The Rhysida ransomware gang has taken credit for a significant cyber intrusion into China Energy Engineering Corporation (CEEC), a prominent state-owned energy conglomerate in China. This group has claimed to have acquired a substantial amount of sensitive data and is reportedly auctioning it off for 50 BTC, intending to sell it to a single buyer. This move has sparked widespread alarm within the cybersecurity community, indicating the escalating threat posed by ransomware groups targeting critical infrastructure and multinational corporations.
The FBI and CISA recently issued a joint Cybersecurity Advisory as part of the ongoing #StopRansomware initiative, warning organizations about the Rhysida ransomware’s tactics, techniques, and procedures (TTPs). The advisory aimed to disseminate crucial information and indicators of compromise associated with this ransomware strain. It shed light on the group’s activities, highlighting their modus operandi that involves targeting multiple industries, including education, healthcare, manufacturing, information technology, and government sectors.
The report further underscored the alarming scope of the Rhysida ransomware’s impact, identifying similarities between the group’s operations and those of other known threat actors. Moreover, the advisory highlighted the group’s use of various methods for initial network access, including exploitation of vulnerabilities such as Zerologon (CVE-2020-1472) in Microsoft’s Netlogon Remote Protocol. Their reliance on living-off-the-land techniques, using native network administration tools for malicious activity, signals an alarming level of sophistication. The Rhysida ransomware gang’s widespread impact, coupled with the diverse tactics it uses to breach networks, has raised urgent concerns about the evolving cyber threat landscape and the pressing need for stronger cybersecurity measures across industries.