CompuCom Hit By DarkSide Ransomware, Tells Customers: Report
‘Based on our expert’s analysis to date, we understand that the attacker deployed a persistent Cobalt Strike backdoor to several systems in the environment and acquired administrative credentials. These administrative credentials were then used to deploy the Darkside Ransomware,’ CompuCom tells customers. By Michael Novinson March 04, 2021, 06:30 PM EST
CompuCom told customers it suffered a DarkSide ransomware attack after the hackers acquired administrative credentials for the Office Depot subsidiary, according to BleepingComputer.
The ransomware group started by installing Cobalt Strike beacons on several systems in the ecosystem of Dallas-based CompuCom, No. 41 on the 2020 CRN Solution Provider 500. That’s according to a ‘Customer FAQ Regarding Malware Incident’ document shared with BleepingComputer Thursday. Hackers use Cobalt Strike to proactively test victim’s de
REvil Ransomware Attacks MSP Standley Systems, Leaks SSNs
Notorious ransomware operator REvil boasts on its dark web leak site of having medical documents, social security numbers, personal data, and passports and licenses from MSP Standley Systems and its clients. By Michael Novinson March 05, 2021, 10:30 AM EST
The REvil ransomware gang says they’ve attacked IT infrastructure and managed services firm Standley Systems and obtained sensitive data including more than 1,000 social security numbers.
The notorious ransomware operator boasts on its dark web leak site that, in addition to the social security numbers, they have obtained service contracts, medical documents, personal data from Standley’s clients, and passports and licenses of Standley’s employees, according to a screenshot obtained by CRN. On the leak site, REvil said it posted links to data from six Standley customers as well as client backups.
CompuCom Hit With Malware As MSPs Remain Under Siege
A recent malware attack is affecting some of the services CompuCom provides to customers, and the Office Depot subsidiary said Wednesday it’s in the process of restoring customer services and internal operations By Michael Novinson March 03, 2021, 10:15 PM EST
CompuCom admitted Wednesday that a recent malware attack is affecting some of the services the Office Depot subsidiary provides to customers.
The Dallas-based business, No. 41 on the 2020 CRN Solution Provider 500, said late Wednesday that it’s in the process of restoring customer services and internal operations as quickly and safely as possible. CompuCom said there’s no indication that customers’ systems were directly impacted by the malware, but acknowledged that its investigation is still in the early stages.
Microsoft Exchange Vulnerability Much Larger Than Company Is Saying: Huntress
‘This seems to be a much larger spread than just ‘limited and targeted attacks’ as Microsoft has suggested . These [victim] companies do not perfectly align with Microsoft’s guidance,’ says Huntress’ John Hammond. By Michael Novinson March 03, 2021, 03:54 PM EST
Huntress has challenged Microsoft’s claim that Chinese hackers executed “limited and targeted attacks” against on-premises Exchange servers, arguing the scope of compromise is fairly widespread.
The Ellicott City, Md.-based managed detection and response (MDR) vendor said roughly 400 of the 2,000 Exchange servers the company has checked are susceptible to the zero-day vulnerabilities being exploited by Chinese hacking group Hafnium, with an additionally 100 servers potentially vulnerable. In addition, Huntress said nearly 200 of its partners’ servers have received malicious web shell payl
U.S. Senators: AWS Infrastructure Used In SolarWinds Attack
‘The operation we’ll be discussing today uses [Amazon’s] infrastructure, [and], at least in part, required it to be successful. Apparently they were too busy to discuss that here with us today,’ says Sen. Marco Rubio, R-Fla. By Michael Novinson February 23, 2021, 07:06 PM EST
Senators slammed Amazon Web Services for refusing to testify at a hearing about the SolarWinds intrusion given the public cloud giant’s infrastructure was used in the attack.
“We had extended an invitation to Amazon to participate. The operation we’ll be discussing today uses their infrastructure, [and], at least in part, required it to be successful,” Sen. Marco Rubio, R-Fla., said during a Senate Intelligence Committee hearing Tuesday. “Apparently they were too busy to discuss that here with us today, and I hope they’ll reconsider that in the future.”