itman
Posted August 2, 2024 (edited)

Quote

A significant ransomware attack has recently compromised India's banking sector, affecting banks and payment providers. The attack has primarily targeted Brontoo Technology Solutions, a major partner of C-Edge Technologies Ltd, a collaboration between Tata Consultancy Services and State Bank of India.

According to a new advisory published by CloudSek today, the initial breach occurred through a misconfigured Jenkins server at Brontoo Technology Solutions. Exploiting a known vulnerability (CVE-2024-23897), attackers gained secure shell access by reading private keys due to an open port 22.

CloudSEK suspects, with moderate certainty, that initial access was brokered by IntelBroker, a threat actor on breach forums, and sold to the RansomEXX group for further exploitation.

Regardless of initial access, however, the ransomware group responsible for this attack is confirmed to be RansomEXX, operating a more sophisticated malware variant, RansomEXX v2.0. Initially known as Defray777, this group has evolved since 2018, rebranding to RansomEXX in 2020. The v2.0 variant reflects advancements in encryption, evasion tactics and payload delivery.

https://www.infosecurity-magazine.com/news/ransomexx-targets-indian-banking/

Edited August 2, 2024 by itman