Companies are advised to constantly update their apps and software and patch known network vulnerabilities to prevent such attacks.
According to a joint advisory issued by several US federal agencies, a ransomware group known as “Ghost” is exploiting vulnerabilities in the networks of various organizations to gain access to their systems.
The attacks target schools and universities, government networks, critical infrastructure, technology and manufacturing companies, healthcare, and several small businesses.
“This indiscriminate targeting of networks containing this vulnerability has led to compromises among more than 70 organizations, including Chinese organizations,” states the advisory from CISA, the FBI and the Multi-State Information Sharing and Analysis Center.
The Ghost actor is also associated with other names such as Cring, Crypt3r, HsHarada, Hello, Wickrme, Phantom, Rapture, Strike, and more.
The criminals use publicly available code to exploit “common vulnerabilities and exposures” on targeted servers in order to gain access. They take advantage of vulnerabilities in servers running Adobe ColdFusion, Microsoft Exchange, and Microsoft SharePoint.
Once inside, the threat actors use tools to “collect passwords and hashes of passwords to help with unauthorized logins and privilege escalations, or pivot to other victim devices.” The attackers usually spend only a few days on the target network.
The advisory recommends remediating known network vulnerabilities by applying “timely security updates” to firmware, software and operating systems.
It also says organizations need to train users to recognize phishing attempts, and that entities must identify, investigate and issue alerts regarding “abnormal network activity.”
“Maintain regular system backups known to be stored offline or segmented from the source system,” the advisory added.
“Ghost ransomware victims who were not affected by ransomware attacks were able to recover their operations in many cases without contacting the Ghost actor or paying a ransom.”
Pre-positioning by China
This advisory was published as part of an ongoing effort to combat ransomware threats.
The Beijing-sponsored cyber actor Volt Typhoon has established a presence in the IT environments of several critical infrastructure organizations in sectors such as energy, transportation, communications and water systems.
Hackers stole customer call records and private communications from “a limited number of individuals involved primarily in government or political activities.”
“The exploitation of vulnerabilities in major internet service providers by the Chinese Communist Party is the latest alarming example of Beijing, Tehran and Moscow’s work to gain strategic advantages through cyber espionage, manipulation and destruction,” said Chairman Mark Green (R-Tenn.).