therecord.media - Cybercriminals are extorting the German humanitarian aid group Welthungerhilfe (WHH) for 20 bitcoin. The charity said it will not pay.

Deutsche Welthungerhilfe (WHH), the German charity that aims to develop sustainable food supplies in some of the world’s most impoverished countries, has been attacked by a ransomware gang.

The charity, whose name literally translates as World Hunger Help, reached 16.4 million people in 2023. It is currently providing emergency aid to people in Gaza, Ukraine, Sudan and other countries and regions where there is an urgent need for food, water, medicine and basic necessities.

A spokesperson confirmed to Recorded Future News that WHH had been targeted by a ransomware-as-a-service (RaaS) group which recently listed the charity on its darknet leak site.

The cybercriminals are attempting to sell data stolen from the charity for 20 bitcoin, equivalent to around $2.1 million, although it is not clear whether WHH’s computer networks have also been encrypted. The charity said it would not be making an extortion payment to the criminals behind the attack.

“The affected systems were shut down immediately and external IT experts who specialise in such cases were called in. We have also further strengthened the security of our systems with additional technical protective measures,” said a WHH spokesperson.

“We have informed the relevant data protection authority, consulted our data protection officer and involved the police authorities. We continue to liaise closely with the authorities,” they added.

The charity stressed it was “continuing our work in our project countries unchanged. We continue to stand by the side of the people who need our support. In view of the many humanitarian crises worldwide, our work is more important than ever.”

The RaaS group that is extorting WHH was previously responsible for attacks on multiple hospitals — including The Ann & Robert H. Lurie Children’s Hospital of Chicago and hospitals run by Prospect Medical Holdings — and last year also attempted to extort the disability nonprofit Easterseals.

The Scattered Spider hacking group has caused chaos among retailers, insurers, and airlines in recent months. Researchers warn that its flexible structure poses challenges for defense.

Empty grocery store shelves and grounded planes tend to signal a crisis, whether it’s an extreme weather event, public health crisis, or geopolitical emergency. But these scenes of chaos in recent weeks in the United Kingdom, United States, and Canada were caused instead by financially motivated cyberattacks—seemingly perpetrated by a collective of joyriding teens.

A notorious cybercriminal group often called Scattered Spider is known for using social engineering techniques to infiltrate target companies by tricking IT help desk workers into granting them system access. Researchers say that the group seems to gain expertise about the backend systems commonly used by businesses in a particular industry and then uses this knowledge to hit a cluster of targets before moving on to another sector. The group often deploys ransomware or conducts data extortion attacks once it has compromised its victims.

Amid increasing pressure from law enforcement last year, which culminated in charges and arrests of five suspects allegedly linked to Scattered Spider, researchers say that the group was less active in 2024 and seemed to be attempting to lay low. The group’s escalating attacks in recent weeks, though, have shown that, far from being defeated, Scattered Spider is emboldened once again.
“There are some uniquely skilled actors in Scattered Spider when it comes to social engineering, and they have identified a major gap in our security systems that they’re successfully taking advantage of,” says John Hultquist, chief analyst in Google’s threat intelligence group. “This group is carrying out serious attacks on our critical infrastructure, and I hope that we’re not missing the opportunity to address the most imminent threat.”

Though a number of incidents have not been publicly attributed, an overwhelming spree of recent attacks on UK grocery store chains, North American insurers, and international airlines has broadly been tied to Scattered Spider. In May, the UK’s National Crime Agency confirmed it was looking at Scattered Spider in connection to the attacks on British retailers. And the FBI warned in an alert on Friday that it has observed “the cybercriminal group Scattered Spider expanding its targeting to include the airline sector.” The warning came as North American airlines Westjet and Hawaii Airlines said they had been victims of cybercriminal hacks. On Wednesday, the Australian airline Qantas also said it had been hit with a cyberattack, though it was not immediately clear if this attack was part of the group’s campaign.

Cybercriminals use GhostGPT, an uncensored AI chatbot, for malware creation, BEC scams, and more. Learn about the risks and how AI fights back.
#chatbot #creation #cybercriminals #fights #ghostgpt #learn #malware #risks #scams #uncensored

Introduction Telegram, as previously reported by KELA, is a popular and legitimate messaging platform that has evolved in the past few years into a major platform for cybercriminal activities. Its lack of strict content moderation has made the platform cybercriminals’ playground. They use the platform for distribution of stolen data and hacking tools, publicizing their […]

Eight individuals have been arrested as part of an ongoing international crackdown on cybercrime, dealing a major blow to criminal operations in Côte d’Ivoire and Nigeria.

The arrests were made as part of INTERPOL’s Operation Contender 2.0, an initiative aimed at combating cyber-enabled crimes, primarily in West Africa, through enhanced international intelligence sharing.

Phishing scam targets Swiss citizens

In Côte d’Ivoire authorities dismantled a large-scale phishing scam, thanks to a collaborative effort with Swiss police and INTERPOL.

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which…

Abuse by cybercriminals Cobalt Strike is a popular commercial tool provided by the cybersecurity software company Fortra. It is designed to help legitimate IT security experts perform attack simulations that identify weaknesses in security operations and incident responses. In the wrong hands, however, unlicensed copies of Cobalt Strike can provide a malicious actor with a wide range of attack capabilities.Fortra...

Explore the shift in phishing from Dark web to Telegram, where cybercriminals trade tools and data, and uncover Guardio's insights on countering this menace.

NCSC says generative AI tools will soon allow amateur cybercriminals to launch sophisticated phishing attacks

Cyble reflects on the identification of a forum administrator and two cybercriminals and how it impacts the wider cybercrime ecosystem.

Raspberry Robin appears to be a type of Pay-Per-Install botnet, likely to be used by cybercriminals to distribute other malware.

At the end of November 2022, OpenAI released ChatGPT, the new interface for its Large Language Model (LLM), which instantly created a flurry of interest in AI and its possible uses. However, ChatGPT has also added some spice to the modern cyber threat landscape as it quickly became apparent that code generation can help less-skilled threat actors effortlessly launch cyberattacks.

In Check Point Research’s (CPR) previous blog, we described how ChatGPT successfully conducted a full infection flow, from creating a convincing spear-phishing email to running a reverse shell, capable of accepting commands in English. The question at hand is whether this is just a hypothetical threat or if there are already threat actors using OpenAI technologies for malicious purposes.

CPR’s analysis of several major underground hacking communities shows that there are already first instances of cybercriminals using OpenAI to develop malicious tools. As we suspected, some of the cases clearly showed that many cybercriminals using OpenAI have no development skills at all. Although the tools that we present in this report are pretty basic, it’s only a matter of time until more sophisticated threat actors enhance the way they use AI-based tools for bad.

Users of underground forums start sharing malware coded by OpenAI’s viral sensation and dating scammers are planning on creating convincing fake girls with the tool. Cyber prognosticators predict more malicious use of ChatGPT is to come.

As demand for malicious proxy services continues, new players have entered the market. Black Proxies is marketed to other cybercriminals for their reliability, scope, and overwhelming number of IP addresses.

The president of Costa Rica says his country is "at war", as cyber-criminals cause major disruption to IT systems of numerous government ministries.
Rodrigo Chaves said hackers infiltrated 27 government institutions, including municipalities and state-run utilities.