New research has found threat actors selling access to the networks of various US government organisations, including access to the Chief of police in various states and the VPN portal of a city in Arizona. This research comes after the news that the Washington DC police department suffered a ransomware attack by the Russian ransomware gang, Babuk.
Andrey Yakovlev, Security Researcher at IntSights, comments on the research:
“It’s simply another Monday for Russian hackers. Babuk is a relatively new ransomware group that does not target the Russian Federation or other CIS countries and hospitals (besides private plastic clinics and dentistry). They focus on Hyper-V and ESXi virtualisation technologies and accept only proficient partners.
With that being said, the hack of the Washington DC police is a clear cut, gangsomware case and usually in cases such as this one, there isn’t a lot of dark web chatter. Ransomware operators not only wait for a relevant application to come to an affiliate’s program, but they also actively monitor offers of access to internal networks which are constantly being sold on the dark web. While there is no data from this particular breach on the dark web, threat actors are actively targeting police departments across the US. For example, we have seen that there has been one threat actor targeting US government institutions and police departments.
Our research has found that one of the sales from this threat actor was published in February and the hacker offered access to a VPN portal of a city in Arizona that included access to the City Court System, City Government, Police Department, Fire Department, Solid Waste, Recreation Services, Engineering Services, Utility Services, Library, Fleet Services, Airport, Finance, Street Maintenance, Animal Control, Human Resources, Legal and Information Technology.
The second sale offers access to “Chiefs of Police (US State disclosed to buyer)”. The hacker also offers access to: “Sheriff’s Office in **, Ohio, USA”, “(gov) County of **, Pennsylvania, USA”, “(gov) County of **, Missouri, USA”, “(gov) City of **, Georgia, USA”, “(gov) City of **, Florida, USA”, “(gov) County of ** Water District, Arkansas, USA”.
Government organisations hold significant personal information on many people, some of which may be high profile personnel. Because of this, it is a prime target for threat actors and nation-state attackers alike.”
Rebecca Morpeth Spayne,
Editor, Security Portfolio