Major Payment Disruption: Ransomware Strikes Indian Banking Infrastructure

· Published 20/08/2024 08:35 · Modified 20/08/2024 08:56

Essential information

Published: 20/08/2024 08:35
Modified: 20/08/2024 08:56
Tags: 2024-08-20, CVE-2024-23897, banking, india, jenkins, ransomexx, ransomware, vulnerability
Related entities: 1 vulnerabilities (cve), 18 observables, 1 intrusion sets (apt), 27 techniques (mitre), 1 malware, 3 others

Description

CloudSEK's threat research team uncovered a ransomware attack impacting banks and payment providers in India. The attack, initiated through a compromised server at Brontoo Technology Solutions, is attributed to the RansomEXX group. This sophisticated threat actor employs tactics like phishing, exploiting vulnerabilities, and using legitimate tools for lateral movement. The group exfiltrates data before encryption for double extortion and demands significant ransom payments, often negotiating based on the victim's perceived ability to pay. The attack highlights supply chain vulnerabilities and the need for robust cybersecurity practices across critical vendors and ecosystems.

External references