MSP cybersecurity news digest, September 26, 2024

Fortinet confirms hacker claimed they stole 440 GB of files on a third-party cloud drive

Fortinet has confirmed a data breach where attackers accessed files on a third-party cloud drive. A threat actor claimed to have stolen 440 GB of data from Fortinet’s SharePoint instance and posted it on a hacking forum.

The breach reportedly involved data from a small number of customers, though Fortinet did not specify how many or what data was compromised. The company communicated directly with affected customers and reported that less than 0.3% of its customer base was impacted. Fortinet stated that no malicious activity or disruption to services was detected.

Fortinet refused to pay a ransom demanded by the attacker. In a previous breach in 2021, over 87,000 VPN credentials were exposed. Fortinet is a cybersecurity company with a reported revenue of $1.43 billion in the second quarter of 2024.

RansomHub ransomware group hits Kawasaki Motors Europe with cyberattack

Kawasaki Motors Europe, with a revenue of €850 million in 2023, recently faced a cyberattack by the RansomHub ransomware group.

While Kawasaki confirmed the breach, they stated that the attack was unsuccessful in compromising operations. The company isolated servers as a precaution, and more than 90% of server functionality has been restored. RansomHub claimed to have stolen 487 GB of data, which it has posted on the dark web. The data reportedly includes sensitive information like phone numbers and financial details.

Since its emergence in 2024, RansomHub has targeted over 210 organizations, using double-extortion tactics. Federal agencies have advised companies to strengthen security measures against RansomHub.

Mustang Panda espionage group uses new malware tools in government attacks

Mustang Panda, a China-based cyber espionage group, has switched to new malware tools called FDMTP and PTSOCKET to steal sensitive data from targeted networks.

In recent attacks, they’ve used a modified version of the HIUPAN worm to spread PUBLOAD malware via infected removable drives, rather than their usual spear-phishing tactics. Once inside the network, PUBLOAD establishes itself, maps the network, and collects data, while FDMTP serves as a backup control tool. PTSOCKET, a custom file transfer tool, provides an alternative exfiltration channel to PUBLOAD.

Their focus remains on stealing document files from high-value targets, mainly government organizations.

Rhysida ransomware attack on Port of Seattle results in $5.8 million ransom demand

The Port of Seattle fell victim to a ransomware attack by the Rhysida gang on August 24, affecting both the port and Seattle-Tacoma International Airport.

The attackers demanded 100 bitcoins ($5.8 million) and threatened to publish three terabytes of stolen data, including sensitive personal information. The Port refused to pay the ransom, leading to disruptions in airport services like check-in kiosks and Wi-Fi. Rhysida posted some data online, including personal documents and employee information.

Despite the attack, most systems were restored within a week, with ongoing efforts to fully recover. The Port emphasized its commitment to resilience and security improvements. Authorities continue investigating the data breach and its full impact.

Germany’s Radio Geretsried forced to broadcast music from backups following cyberattack

Radio Geretsried, a Bavarian station, was forced to broadcast music from backups after a ransomware attack encrypted its files.

The station blamed "unknown attackers from Russia" and reported that attackers demanded a large ransom. Staff are working to restore systems, but the disruption is expected to continue.

Germany’s Federal Office for Information Security (BSI) has warned that ransomware is the fastest-growing cybercrime threat. Ransomware attacks have increasingly targeted German institutions, including universities, hospitals and businesses.