#wiper

Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-12-09

Updated my post on the Anubis attack on Mid South Pulmonary Specialists after getting additional info from Anubis.

It seems they used their wiper to delete all of MSPS's backups, and then encrypted all of their systems.

That sounds pretty grim. MSPS has not posted anything (perhaps they can't) or issued any notice anywhere about whether patient care has been affected at all by any breach.

databreaches.net/2025/12/07/th

#HIPAA #healthsec #cybersecurity #databreach #ransomware #Anubis #wiper #backups #incidentresponse

@campuscodi @amvinfe

Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-12-09

I commented on an attack on Trumbull County, Ohio, by Anubis that @amvinfe reported this week. I will continue to try to follow up, but in the meantime, I posted this:

"Tell the truth, or someone will tell it for you — Trumbull County, Ohio edition."
databreaches.net/2025/12/09/te

#databreach #ransomware #wiper #govsec #incidentresponse #transparency #Anubis #Trumbull_County

Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-12-07

Anubis hasn't really had a lot of media coverage, but @amvinfe's post about the attack on Mid South Pulmonary & Sleep Specialists was a wake-up call for me. So I took a look at Anubis's dark web leak site and saw they added -- and leaked -- five U.S. healthcare entities in November.

Given that they are not loath to encrypt and wipe victims' data... well... yikes.

My post:
databreaches.net/2025/12/07/th

#databreach #ransomware #Anubis #HealthSec #cybersecurity #HIPAA #wiper

2025-10-28

Predatory Sparrow’s toolkit and chain-of-execution highlight destructive-sabotage best practices for defenders:
- Multi-stage batch scripts with hostname checks (avoid accidental collateral).
- Scheduled-task detonation (msrun.bat → 23:55) and NIC disable via PowerShell.
- Log wiping (wevtutil) and BCD/shadow-copy removal to prevent recovery.
- XOR-encrypted configs (msconf.conf), encrypted payloads, and precise target enumeration.

Detection & response suggestions: immutable offline backups, firmware-level integrity checks, EDR + OT anomaly telemetry correlation, and scheduled-task auditing. Discuss what telemetry you’d add to catch the staging phase - then follow @technadu for more IOCs and deep dives.

#ThreatIntel #Wiper #IR #EDR #OTSecurity #ICS #TTPs #InfoSec

Predatory Sparrow Group Attacking Critical Infrastructure to Destroy Data and Cause Disruption

2025-10-25
25 October 2025 - Daily Drawing Day 298
#20252025Challenge
The car's MOT is just around the corner, so I thought I'd change the wiper blades today. Now to wait for some rain to really appreciate them. ☔

#cars #DIY #Wiper #car #車 #メカニック #ワイパー #自動車 #🚙

Watch the time lapse video of this drawing on YouTube Shorts: https://youtube.com/shorts/W0AfWAEB8Us

See the latest at https://darlosworld.bsky.social

The 2025 20-25 Challenge.

This year let’s get better at something by finding a little practice time most days, in my case drawing.
- Do your activity for at least 25 minutes, at least 25 days per month.
- Use the hashtag #20252025Challenge on social media etc to track your progress
- Also use the hashtag to cheer on others.

That’s about it!

Have fun with your activities, whatever they may be!

Drawing, programming, dancing, cooking, make up, reading, languages, gardening, mastering high fives, sewing, astrophysics, vcr clock setting ...

#challengeyourself #challenge #Drawing #drawings #illustration #newyearsresolution #25minutes #xppen #clipstudiopaint #dailydrawing #イラスト #クリップスタジオ #絵 #絵画 #絵描きさんと繋がりたい #drawingoftheday #一日一絵 #art #digitalart #oc #一次創作
Drawing of Darlo changing the wiper blades on the car.

2025-09-23

HybridPetya – Ransomware bypassing UEFI Secure Boot

Security researchers at ESET have discovered a new ransomware variant resembling the well-known Petya/NotPetya, extended with the ability to take over operating systems booted with UEFI support. The malware uses the CVE-2024-7344 vulnerability to bypass the UEFI Secure Boot mechanism. The vulnerability has been patched in the latest systems; however, the software's mode of operation, i.e. the use of exploits at the firmware level...

#WBiegu #Notpetya #Petya #Ransomware #Secureboot #Wiper

sekurak.pl/hybridpetya-ransomw

2025-06-05

Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine - Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukra... blog.talosintelligence.com/pat #landingpagetopstory #threatadvisory #topstory #ukraine #wiper #apt

[^BgTA^] :verified: :opensuse: raul@mastodon.in4matics.cat
2025-05-06

👾 Chaos is a #RaaS that also acts as a #wiper, RAT, or even #DDoS botnet.

🎯 It targets both large companies across different industries and SMEs with weak #cybersecurity posture.

👉 Learn more & collect #IOCs: any.run/malware-trends/chaos/?

Kevin Karhan :verified: kkarhan@infosec.space
2025-02-28

@Em0nM4stodon not only must we resist but actively sabotage said attempts.

  • Add "#Wiper-PINs" to #Apps and Programs that'll open up a decoy profile and wipe the original data when typed in instead of the regular PIN.

Make it a mandatory feature and commit #AssetDenial against #Cyberfacists!

infosec.space/@kkarhan/1140832

2024-10-02

Corriere.it - Homepage by Erica Dellapasqua
Pregnant woman finds broken windshield wiper and leaves note: "I parked badly but you are rude!"

New cases of wild parking and messages to justify unauthorized parking. The note left by a pregnant woman who found her car (badly parked) vandalized.

#wiper
roma.corriere.it/notizie/crona

Nick Espinosa NickAEsp
2024-03-25
2024-03-22

#bincapz is getting some press, so I've been inspired to push out a v0.6.0 update:

* Improved packed #ELF #detection
* Improved #Linux #wiper detection
* Improved #Trojan #stealer detection
* Improved #Javascript #supply-chain attack detection
* Improved suspicious eval() detection

Get it here: github.com/chainguard-dev/binc

2024-03-21

SentinelLabs discovered a new variant of AcidRain wiper targeting Ukraine, which they call AcidPour. Their analysis confirms the connection between AcidRain and AcidPour, connecting it to clusters previously publicly attributed to Russian military intelligence. The discovery coincides with the enduring disruption of multiple Ukrainian telecommunication networks since 13 March 2024. SentinelLabs provides a technical analysis, describes AcidPour features and lists IOCs. 🔗 sentinelone.com/labs/acidpour-

#AcidRain #AcidPour #wiper #malware #threatintel #IOC #Russia #Ukraine #RussiaUkraineWar

Sparrow 🎄🎁 mars1024@techhub.social
2023-12-18

Just learned that there are 2 types of #WD-40 and the silicone one is great for cleaning #wiper blade tips! 😲🤯

#WD40

youtube.com/shorts/rCco-qdBCd0

2023-11-07

Iranian Agonizing Serpens #APT is targeting Israeli entities with destructive cyber attacks
securityaffairs.com/153703/apt
#securityaffairs #hacking #wiper
