News
South Korea’s Nuclear Research agency hacked using VPN flaw
The breach was first reported earlier this month when South Korean media Sisa Journal began covering the attack. At the time, KAERI initially confirmed and then denied that the attack occurred.
Fake DarkSide gang targets energy, food industry in extortion emails
Threat actors impersonate the now-defunct DarkSide Ransomware operation in fake extortion emails sent to companies in the energy and food sectors.
The DarkSide ransomware operation launched in August 2020, targeting corporate networks and demanding millions of dollars for a decryptor and a promise not to release stolen data.
Biden issues executive order to increase U.S. cybersecurity defenses
The executive order removes barriers to threat information sharing between the federal government and the private sector. The attack on Colonial Pipeline should be a wake-up call to improve security protocols. The executive order also includes enhancing the logging of critical information related to an incident and establishing a universal, consistent, and straightforward methodology for responding to incidents.
Colonial Pipeline Restores Operation, $5 Million Ransom Demand
Colonial Pipeline has been restored and resumed operations a week after the attack, it was said on Wednesday evening, 13 May. Law enforcement and security specialists swiftly pointed to the DarkSide underworld organization, as the group claimed responsibility for this outbreak. The FBI and other law enforcement agencies do not want to agree to pay them. But they do not have the backups and do not have time to recover by themselves.
DarkSide Ransomware Servers Reportedly Seized, Operation Shuts Down
The group lets third parties use its ransomware to extort victims and receives a share in return. The attackers look around for administrator accounts throughout the network and then infect the servers and machines. After the seizure, they receive payment which goes to an unknown account. DarkSide takes responsibility for all these attacks. Colonial Pipeline was also affected by these attacks. Bloomberg reported that they agreed to the ransom of 75 Bitcoin, which is $5 million.
Meet Lorenz — A New Ransomware Gang Targeting the Enterprise
The stolen data is published on a data leak site to pressure the victim into paying the ransom. Recently the gang targeted 12 victims and released the data of ten of them. When it comes to threats, the gang publishes data differently from other ransomware operations. They sell the data with other threatened victims or sell it to competitors. As time passes, if the victim does not accept their demand, they start releasing password-protected files containing the victim's data.
Capcom: Ransomware Gang Used Old VPN Device to Breach the Network
Capcom says that it was in the process of boosting network defenses when Ragnar Locker threat actor breached its network. The compromised VPN device was on its way out as new models had been installed.
Celsius Email System Breach Leads to Phishing Attack on Customers
An unauthorized party managed to gain access to a back-up third-party email distribution system which had connections to a partial customer email list. Once inside the system, this unauthorized party sent a fraudulent email announcement, of which we know some of the recipients to be Celsius customers.
NSA: Top 5 Vulnerabilities Actively Abused by Russian Govt Hackers
In an advisory, the NSA said that it is aware of the Russian SVR using these vulnerabilities against public-facing services to obtain authentication credentials and further compromise US corporate and government networks.
US Government Confirms Russian SVR Behind the SolarWinds Hack
The press release from the White House confirms past media reports citing unofficial sources that the Russian Foreign Intelligence Service, the SVR, was behind the SolarWinds hack.
Techcess CyberSecurity Group
6110 Clarkson Lane
Houston, Texas 77055