Security experts have discovered a new variant of ransomware, called Kimcilware, which has recently been targeting websites running the Magento ecommerce platform. Once installed on the webserver, Kimcilware uses block ciphers to encrypt the website’s files and demand a Bitcoin payment ranging between $140 and $415. Magento was contacted regarding this malicious activity, and they claim that the attacks are not singling out Magento, but rather targeting “more general web server vulnerabilities.” It is still unknown who is behind these attacks, but MalwareHunterTeam has been working to uncover the cyber criminals, finding that the malware used most likely stems from the open-source ransomware sample called Hidden Tear. Magento has applied all available patches to its software and encourages merchants to check their Security Center for news about any issues regarding the Magento platform.
The FBI has issued a warning to US companies and agencies revealing that the US government’s networks have been compromised by a ‘group of malicious cyber actors’ since at least 2011. It has been confirmed that the group has stolen sensitive information from “various government and commercial networks,” and the FBI released the list of malicious domain names. Although the FBI has not confirmed the identity of the group of hackers, threat researchers from multiple different organizations claim that the activity aligns with a Chinese state-sponsored group called APT6. According to the FBI, the domains associated with the hacking group were “suspended” as of December 2015, but the alarming fact is that the FBI is unclear whether or not the hackers are still present in the US government’s networks or not. Regardless, this alert accompanied with the recent admission of guilt by Chinese national Su Bin to hacking US defense contractors in 2014, should motivate the government to further secure their networks.
References: FBI Says a Mysterious Hacking Group Has Had Access to US Govt Files for Years | FBI issues alert on hacking campaign targeting federal networks | APT6 compromised the US government networks for years
*IP addresses provided by Recorded Future.
Want to learn about Alert Logic products in more detail? Call us direct at +1.877.484.8383, for the UK call +44 (0) 203 011 5533, or complete this form. An Alert Logic representative will contact you soon.