Breach Roundup: News Corp, Dish Network and Danish Hospitals

Plus, Free Decryptor Tool for MortalKombat Ransomware

Every week, Information Security Media Group rounds up cybersecurity incidents happening around the world. This week, we look at an incident affecting News Corporation, a ransomware attack causing outages at Dish Network, an outage at Washington's Pierce Transit, ransomware on a U.S. Marshals Service system and a distributed denial-of-service attack on Danish hospitals from a threat actor that isn't what it claims. We also share a bit of good news about a cybersecurity company making a ransomware decryptor available.

News Corporation

Media and publishing firm News Corporation revealed that a cyberattack first disclosed in 2022 stems from an incident that happened in February 2020.

"Based on the investigation, News Corp understands that, between February 2020 and January 2022, an unauthorized party gained access to certain business documents and emails from a limited number of its personnel's accounts in the affected system, some of which contained personal information," the company said in a breach disclosure letter.

The personal information accessed included names, birthdates, Social Security numbers, driver's license numbers, passport numbers, financial account information, medical information and health insurance information.

The breach affected employees at The Wall Street Journal and its parent company, Dow Jones; the New York Post; News Corp's U.K. news operation; and News Corp headquarters, according to an email the company sent to staff Friday, The Wall Street Journal reported in February 2022. News Corp hired Mandiant to conduct a forensic investigation, and the cybersecurity company concluded that the threat actor had a connection to China and was likely engaged in a spying operation.

Dish Network

Satellite television provider Dish Network blamed a ransomware attack for a network outage that made it difficult for users to reach customer service, access their accounts and make payments. The firm told federal regulators it had learned of the breach on Feb. 23 and determined on Feb. 27 that data had been leaked. It also said the ransomware attackers had exfiltrated data and that it was "possible the investigation will reveal that the extracted data includes personal information."

In a statement on its website, Dish Network said it had engaged cybersecurity experts and outside advisers to assist with its response to the attack and had notified appropriate law enforcement authorities. Bleeping Computer reported that the attacker belongs to the Black Basta ransomware-as-a-service gang.

Pierce Transit

The Pierce County, Washington, public transit company confirmed a ransomware attack affecting its systems two weeks ago. The attack came to light on Feb. 14 and temporary workarounds were required to keep buses moving. Russia-based ransomware group LockBit claimed responsibility for the attack and demanded a ransom to be paid by Tuesday.

The public transportation system serves over 18,000 people every day and provides bus, van and carpool services primarily to the city of Tacoma.

US Marshals Service

Hackers in February maliciously encrypted a system belonging to the U.S. Marshals Service, compromising and exfiltrating sensitive law enforcement data.

Exposed data includes returns from legal process, administrative information and personally identifiable information pertaining to subjects of USMS investigations, third parties and USMS employees (see: Ransomware Hits US Marshals Service).

The Marshals Service is primarily responsible for protecting judicial personnel, administering fugitive operations, managing criminal assets and protecting individuals in witness protection.

Danish Hospital Websites

The websites of nine hospitals in metro Copenhagen fell victim to distributed denial-of-service attacks from a group calling itself Anonymous Sudan. The group is on a Scandinavian tear. Previously in February it temporarily knocked out the websites of Scandinavian Airlines and a clutch of media and education outfits. Copenhagen's health authority confirmed the attacks in a tweet and assured Danes that their public healthcare was otherwise unaffected. A couple of hours later, the authority reported that the websites had been restored.

Anonymous Sudan claimed on Telegram that the attacks are part of ongoing retaliation for a January incident in which a Danish far-right politician burned a copy of the Quran outside the Turkish embassy in Stockholm. Swedish cybersecurity firm Truesec says Anonymous Sudan is actually a Russian information operation. Radio Sweden in late February reported that Swedish cybersecurity firms took down 61 servers belonging to Anonymous Sudan hosted in Germany on IBM's cloud service.

MortalKombat Decryption Tool

A bit of good news: Romanian cybersecurity firm Bitdefender released a decryption tool for the MortalKombat ransomware, malware that spreads primarily through phishing emails and vulnerable remote desktop protocol instances.

Cisco Talos in December spotted an unidentified actor deploying the recently discovered ransomware using a phishing email impersonating CoinPayments, "a legitimate global cryptocurrency payment gateway."


About the Author

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.
