Procter & Gamble Admits GoAnywhere Bug Breach in Latest Cybersecurity Incident

  • Written by Ari Denial, Cybersecurity & Tech Writer

Procter & Gamble (P&G) has confirmed a suspected breach caused by Fortra’s GoAnywhere vulnerability. The company said it was “one of the many companies” victimized, and that the attackers managed to obtain “some information” about its employees. P&G has not yet disclosed the nature and extent of the information obtained.

P&G has clarified that, although some employee data was stolen, the attackers were unable to access employees’ financial or Social Security information.

Clop, a ransomware syndicate reportedly linked to Russia, has claimed responsibility for breaching dozens of organizations through a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer software. The group made the announcement on its dark web blog, naming several high-profile victims including Shell, Hitachi, Hatch Bank, Stanford University, Rubrik, Virgin, and many others.

According to reports, the Clop ransomware group exploited a vulnerability in the GoAnywhere software that allowed the attackers to gain unauthorized access to sensitive data. The group then reportedly demanded ransom payments from the affected organizations in exchange for the decryption of the stolen data.

The scale of the attack is still unclear, and it is currently unknown how many organizations were affected. However, the fact that several high-profile companies and institutions were named as victims is causing concern among cybersecurity experts.

The affected organizations are yet to disclose the impact of the breach on their operations and customers. However, this incident serves as a reminder of the persistent threat posed by ransomware groups and the need for organizations to remain vigilant and proactive in their cybersecurity measures.

According to P&G, the company became aware of the incident in early February and promptly initiated an investigation. As a precautionary measure, P&G disabled the use of Fortra’s services and informed their employees about the cyberattack.

P&G confirmed that there is currently no evidence to suggest that customer data was impacted by the issue. Furthermore, they have reassured stakeholders that the company’s business operations are proceeding as usual.

North Korean Hackers Utilizing Malicious Browser Extension to Surveil Email Accounts, Cybersecurity Experts Warn

  • Written by Ari Denial, Cybersecurity & Tech Writer

A malicious browser extension capable of stealing email content from Gmail and AOL accounts has been deployed by a threat actor whose interests align with North Korea.

German and South Korean intelligence agencies have issued a joint cybersecurity advisory warning of Kimsuky’s use of Chrome extensions to illicitly access the Gmail emails of targets.

The North Korean threat group Kimsuky has expanded its spear-phishing operations to target diplomats, journalists, and government agencies in the USA and Europe. The joint security advisory issued by cybersecurity experts warns of the group’s use of a malicious Chrome extension and Android applications in two attack methods.

Cybersecurity firm Volexity has linked the malware to the North Korean threat group Kimsuky, attributing it to the overlapping SharpTongue activity cluster. SharpTongue has a track record of targeting individuals working on sensitive topics involving North Korea and nuclear issues in the USA, Europe, and South Korea.

The malicious Chrome extension used by the North Korean hackers, named ‘AF’, can only be detected in the browser extension list by entering the specific address, cybersecurity experts found.

Upon accessing Gmail through the infected browser, the ‘AF’ extension activates automatically and illicitly intercepts and steals the victim’s email content, cybersecurity experts caution.

The extension abuses the browser’s DevTools API (developer tools API) to send the stolen data to the attacker’s relay server, secretly stealing the victim’s emails without breaking or bypassing account security protections. Kimsuky has a history of exploiting malicious Chrome extensions to steal emails from compromised systems.

Months after the Kimsuky actor employed Konni RAT to target political institutions in Russia and South Korea, new research links the hacking group to the malicious Chrome extension ‘AF’, used for stealing email content from compromised Gmail accounts, the cybersecurity firm reports.

To mitigate the risk of cyber attacks, experts recommend regularly updating software, exercising caution when opening unexpected emails or links, and conducting periodic monitoring of accounts to identify and respond to suspicious activity.