itman, posted August 2 (edited August 2 by itman)

Quote

A significant ransomware attack has recently compromised India's banking sector, affecting banks and payment providers. The attack has primarily targeted Brontoo Technology Solutions, a major partner of C-Edge Technologies Ltd, a collaboration between Tata Consultancy Services and State Bank of India.

According to a new advisory published by CloudSEK today, the initial breach occurred through a misconfigured Jenkins server at Brontoo Technology Solutions. Exploiting a known vulnerability (CVE-2024-23897), attackers gained secure shell access by reading private keys due to an open port 22.

CloudSEK suspects, with moderate certainty, that initial access was brokered by IntelBroker, a threat actor on breach forums, and sold to the RansomEXX group for further exploitation.

Regardless of initial access, however, the ransomware group responsible for this attack is confirmed to be RansomEXX, operating a more sophisticated malware variant, RansomEXX v2.0. Initially known as Defray777, this group has evolved since 2018, rebranding to RansomEXX in 2020. The v2.0 variant reflects advancements in encryption, evasion tactics and payload delivery.

https://www.infosecurity-magazine.com/news/ransomexx-targets-indian-banking/