Threat Briefing: July 19, 2024

Threat Intel Update

Two notable judicial actions affecting cybersecurity are in the news this week. First, two foreign nationals pleaded guilty in federal court to distributing LockBit ransomware and are now awaiting sentencing. Second, a federal judge dismissed most of the charges against SolarWinds over its actions following its breach by Russian cyber actors in 2021. Also, more details emerged about the cyber incident impacting AT&T, including the ransom the company paid to have the cyber threat actors delete stolen data.

While cybercriminals sometimes face an actual courtroom for their actions, victims often still have to pay thousands or millions of dollars to respond to and recover from cyber-attacks. Implementing a robust security program and establishing policies that follow cybersecurity best practices are key for organizations to protect themselves from cyber-attacks.

Cybersecurity News

  • AT&T Paid $370,000 to Cyber Actor Involved in Data Theft, Money Laundered Through Cryptocurrency Mixers and Gambling Services – AT&T made the payment in bitcoin; it was worth 5.72 bitcoins on May 17. As part of the attack, call logs and texts were stolen from 109 million AT&T customers in 2022. Funds were sent to two different centralized exchanges and a gambling service. The majority of the funds paid to the cyber threat actor were laundered through swap services. The Record
  • Two Russian Nationals Plead Guilty to Role in Deploying LockBit Ransomware – Both Russian nationals were linked to 12 separate ransomware attacks, impacting victims in the U.S., United Kingdom, Switzerland, Japan, France, Scotland, and Kenya. As part of their ransomware attacks, they profited over $2 million from ransom payments. To date, the U.S. government has indicted six individuals for their role in developing and distributing LockBit, including the alleged developer. U.S. Attorney’s Office, District of New Jersey
  • 500,000 Domains Registered to Support Infostealer Campaign Linked to Cyber Criminal Group Revolver Rabbit – The group is conducting a campaign targeting Windows and macOS devices. The Revolver Rabbit group utilized a registered domain generation algorithm to automatically register domains. The group is distributing the XLoader infostealer, which is a successor to the Formbook infostealer malware. Bleeping Computer
  • U.S. District Court Judge Dismisses Most of the Case Against SolarWinds – The case against SolarWinds was brought by the U.S. Securities & Exchange Commission (SEC) following the compromise of SolarWinds by Russian cyber actors. The SEC charged SolarWinds with lying to investors about its cybersecurity practices and not disclosing risks between 2017 and 2021. The case against SolarWinds is believed to be one of the first attempts by the SEC to hold companies accountable for their cybersecurity practices. The Record
  • Senate Bill Would Ban Federal Agencies from Purchasing Equipment from Unauthorized Resellers – The Securing America’s Federal Equipment (SAFE) in Supply Chains Act was introduced to address concerns about purchasing counterfeit information and communications technology products. Federal agencies can currently purchase equipment from unauthorized resellers; under the new bill, however, they would need to purchase equipment from authorized resellers or original equipment manufacturers. The U.S. government previously found counterfeit Cisco equipment in government agencies. FedScoop

About the Author
CampusGuard Threat Intel Team