Biggest Cyber Attacks, Data Breaches Ransomware Attacks: February 2024

Date: 4 March 2024

Featured Image

UnitedHealth, Axie Infinity co-founder’s personal accounts, Hewlett Packard Enterprise, AnyDesk, French healthcare payment service providers- Viamedis and Almerys, Integris Health, Schneider Electric, Lurie Children's Hospital, California union, Trans-Northern Pipelines - these are some of the victims of cyber crime in February 2024. Check out our compilation of the Biggest Cyber Attacks, Ransomware Attacks and Data Breaches in February 2024 below. 

  1. Ransomware Attacks in February 2024
  2. Cyber Attacks in February 2024
  3. Data Breaches in February 2024
  4. New Malware and Ransomware Discovered
  5. Vulnerabilities Discovered and Patches Released 
  6. Advisories issued, reports, analysis etc. in February 2024

We compile these accessible lists summarising recent cyber attacks each month to encourage and enable businesses globally to strengthen their cyber resilience. The ultimate goal is to inform and empower organisations to enhance their preparedness against various cybersecurity threats, including cyber attacks, ransomware incidents, and data breaches. 

A critical starting point for improving business cyber resilience is to create an effective and fit-for-purpose Cyber Incident Response Plan and Cyber Incident Response Playbook. Should you require support in reviewing or updating these critical resources, expert cybersecurity consultants such as our Virtual Cyber Assistants are perfect for the task. They help you elevate your cybersecurity maturity within a defined timeline and budget. 

It is also imperative that these cybersecurity artefacts are regularly tested and practised to make them a part of your team’s muscle memory. They must be thoroughly acquainted with these plans and should practise decision making for a crisis with regular Cyber Attack Tabletop Exercises

Building cyber resilience is a continuous endeavour that demands ongoing vigilance and concerted effort to improve cybersecurity preparedness. Although the journey towards enhanced cyber resilience may present challenges, it is indeed attainable with the right approach and resources. 

New call-to-action

Ransomware Attacks in February 2024

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

February 01 and 28, 2024

Lurie Children's Hospital

Lurie Children's Hospital took systems offline after cyber attack;


Rhysida ransomware demands $3.6 million for children’s stolen data

Rhysida Ransomware

The cyber attack forced Lurie Children's Hospital to take its IT systems offline as the attack disrupted normal operations and delayed medical care in some instances. The healthcare provider said that the incident impacted the hospital's internet, email, phone services, and ability to access the MyChat platform. 

Lurie Children's Hospital ransomware attack 

February 08, 2024

California union (SEIU 1000)

California union confirms ransomware attack following LockBit claims

LockBit Ransomware

One of the largest unions in California confirmed that it was dealing with network disruptions due to a cyber incident. LockBit ransomware gang said it stole 308 gigabytes of data from the union that included employee Social Security numbers, salary information, financial documents and more.

California union ransomware attack

February 08, 2024

Hyundai Motor Europe

Hyundai Motor Europe hit by Black Basta ransomware attack

Black Basta Ransomware

Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. An image shared by the threat actors described lists of folders that were allegedly stolen from numerous Windows domains, including those from KIA Europe. 

Hyundai Europe ransomware attack

February 11, 2024

Hipocrate Information System (HIS)

Ransomware attack forces 100 Romanian hospitals to go offline

Unknown

Out of 100 hospitals, 25 hospitals confirmed to have had their data encrypted by the attackers, and 75 other healthcare facilities using HIS also took their systems offline as a precautionary measure while the incident is being investigated. The Romanian Ministry of Health said the attackers sent a ransom demand of 3.5 BTC (roughly €157,000).

Ransomware attack on 100 Romanian hospitals 

February 11, 2024

Fulton County, Georgia

LockBit claims ransomware attack on Fulton County, Georgia

LockBit Ransomware

The LockBit ransomware gang claimed to be behind the recent cyber attack on Fulton County, Georgia, and threatened to publish "confidential" documents if a ransom is not paid. Hackers breached the county’s systems during the last weekend of January, causing widespread IT outages that impacted phone, court, and tax systems.

Ransomware attack on Fulton County, Georgia 

February 13, 2024

Trans-Northern Pipelines

Trans-Northern Pipelines investigating ALPHV ransomware attack claims

ALPHV ransomware

Trans-Northern Pipelines (TNPI) has confirmed its internal network was breached in November 2024 and that it's now investigating claims of data theft made by the ALPHV/BlackCat ransomware gang. The incident impacted a limited number of internal computer systems, and the ransomware gang said its operators stole 183 GB of documents from the company's network.

Trans-Northern Pipelines (TNPI) ransomware attack

February 19, 2024

Critical infrastructure software maker PSI Software SE

Critical infrastructure software maker confirms ransomware attack

Unknown

PSI Software SE, a German software developer for complex production and logistics processes, has confirmed that it suffered a ransomware attack that impacted its internal infrastructure. The attack forced it to disconnect several IT systems, including email, as a measure to mitigate the risk of data loss.

PSI Software SE ransomware attack  

February 23, 2024

Sony subsidiary Insomniac Games

Insomniac Games alerts employees hit by ransomware data breach

Rhysida Ransomware

Sony subsidiary Insomniac Games sent data breach notification letters to employees whose personal information was stolen and leaked online following a ransomware attack in November. In December, Sony said they were investigating the ransomware gang's claims that they breached Insomniac Games and stole over 1.3 million files from its network. After negotiations failed and the game studio refused to pay the $2 million ransom, Rhysida dumped 1.67 TB of documents on its dark web leak site.

Sony subsidiary Insomniac Games ransomware attack update

February 27, 2024

Hessen Consumer Center

Hessen Consumer Center says its systems were encrypted by ransomware

Unknown

The Hessen Consumer Center in Germany has been hit with a ransomware attack, causing IT systems to shut down and temporarily disrupting its availability. 

Hessen Consumer Center ransomware attack


 
Back to Top 

New call-to-action

Cyber Attacks in February 2024

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

February 13, 2024

PlayDapp

Hackers mint 1.79 billion crypto tokens from PlayDapp gaming platform

Unknown

Hackers were believed to have used a stolen private key to mint and steal over 1.79 billion PLA tokens, a cryptocurrency used within the PlayDapp ecosystem. An unauthorised wallet, apparently, minted 200 million PLA tokens, valued at the time at $36.5 million, and a blockchain security company PeckShield pointed to the possibility of the attacker using a leaked private key.

PlayDapp blockchain platform cyber attack

February 22, 26, and 28, 2024

UnitedHealth

UnitedHealth confirms Optum hack behind US healthcare billing outage.  


Ransomware gang claims it stole 6TB of Change Healthcare data

BlackCat Ransomware

Healthcare giant UnitedHealth Group confirmed that its subsidiary Optum was forced to shut down IT systems and various services after a cyber attack by “nation-state” hackers on the Change Healthcare platform. In a statement published on their dark web leak site, BlackCat said that they allegedly stole 6TB of data from Change Healthcare's network belonging to "thousands of healthcare providers, insurance providers, pharmacies, etc."

UnitedHealth ransomware attack 

February 22, 2024

AT&T

Cell Phone outage hits AT&T customers nationwide; Verizon and T-Mobile users also affected

Suspected Chinese hackers

According to Downdetector, tens of thousands of AT&T customers were left without service for hours. 

Cell Phone outage cyber attack on AT&T customers; Verizon and T-Mobile users

February 22, 2024

Change Healthcare

Change Healthcare responds to cyber attack

BlackCat ransomware

Change Healthcare, a Nashville, TN-based provider of healthcare billing and data systems, confirmed that it is dealing with a cyber attack that has caused network disruption. The attack was detected on February 21, 2024, and immediate action was taken to contain the incident and prevent further impact.

Change Healthcare cyber attack

February 22, 2024

Axie Infinity

Hackers steal nearly $10 million from Axie Infinity co-founder’s personal accounts

Unknown

One of the co-founders of the video game Axie Infinity and the related Ronin Network had nearly $10 million in cryptocurrency stolen from personal accounts. Reports said that wallets allegedly belonging to Jeff “Jihoz” Zirlin were hacked to the tune of 3,248 ethereum coins, or about $9.7 million, and Zirlin confirmed on social media that two of his accounts were compromised.

Cyber attack on Axie Infinity co-founder

February 26, 2024

Steel producer ThyssenKrupp

Steel giant ThyssenKrupp confirms cyber attack on automotive division

Unknown

Steel giant ThyssenKrupp confirmed that hackers breached systems in its Automotive division, forcing them to shut down IT systems as part of its response and containment effort.

ThyssenKrupp cyber attack

February 26, 2024

FCKeditor plugin

Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning

Unknown

Threat actors exploited a CMS editor discontinued 14 years ago to compromise education and government entities worldwide to poison search results with malicious sites or scams. Some organisations targeted by this campaign allegedly include educational institutions, such as MIT, Columbia University, University of Washington and Purdue amongst others. The campaign also targeted government and corporate sites using the outdated FCKeditor plugin, including Virginia's government site, Texas government site, Spain's government site, and Yellow Pages Canada.

FCKeditor plugin cyber attack


Back to Top 

New call-to-action

Data Breaches in February 2024

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

February 01, 2024

Cloudflare

Cloudflare hacked using auth tokens stolen in Okta attack

Unknown

Cloudflare disclosed that its internal Atlassian server was breached by a suspected 'nation state attacker' who accessed its Confluence wiki, Jira bug database, and Bitbucket source code management system. The threat actor first gained access to Cloudflare's self-hosted Atlassian server on November 14 and then accessed the company's Confluence and Jira systems following a reconnaissance stage.

Cloudflare Data Breach

February 05, 2024

Hewlett Packard Enterprise

HPE investigates new breach after data for sale on hacking forum

IntelBroker (BreachForums Name)

Hewlett Packard Enterprise (HPE) investigated a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information. The threat actor selling the alleged HPE data, shared screenshots of some of the supposedly stolen HPE credentials but is yet to disclose the source of the information or the method used to obtain it. 

Hewlett Packard Enterprise new data breach

February 05, 2024

Verizon

Verizon insider data breach hits over 63,000 employees

Unknown

Verizon Communications warned that an insider data breach impacted almost half its workforce, exposing sensitive information of 63,200 employees. A data breach notification shared with the Office of the Maine Attorney General revealed that a Verizon employee gained unauthorised access to a file containing sensitive employee information on September 21, 2024.

Verizon data breach

February 06, 2024

AnyDesk

AnyDesk says hackers breached its production servers, reset passwords

Unknown

AnyDesk confirmed that it suffered a cyber attack that allowed hackers to gain access to the company's production systems and they stole the source code and private code signing keys.

AnyDesk data breach

February 06, 2024

French healthcare payment service providers, Viamedis and Almerys

Data breaches at Viamedis and Almerys impact 33 million in France

Unknown

The company said the exposure included names, dates of birth, insurer details, social security numbers, marital status, civil status, and guarantees open to third-party payment. The data protection authority in France (CNIL) has now confirmed both data breaches and said that the attacks impacted 33 million people in the country.

Data breach attack on French healthcare payment service providers

February 12, 2024

Bank of America

Bank of America warns customers of data breach after vendor hack

LockBit Ransomware 

Bank of America warned customers of a data breach exposing their personal information after Infosys McCamish Systems (IMS), one of its service providers, was hacked last year. Customers’ personally identifiable information (PII) was exposed in the security breach including the affected individuals' financial information, account and credit card numbers.

Bank of America data breach

February 13, 2024

Prudential Financial

Prudential Financial breached in data theft cyber attack

ALPHV Ransomware

Prudential Financial disclosed that its network was breached, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later. Prudential said that the cybercrime group accessed Company administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors.

Prudential Financial data breach

February 13, 2024

Facebook Marketplace

200,000 Facebook Marketplace user records leaked on hacking forum

The 'algoatson' Discord handle

A threat actor leaked 200,000 records on a hacker forum, claiming they contained the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users. IntelBroker claimed this partial Facebook Marketplace database was stolen by someone using the 'algoatson' Discord handle after hacking the systems of a Meta contractor.

Facebook Marketplace data breach

February 13, 2024

Integris Health

Integris Health says data breach impacted 2.4 million patients

Unknown

Integris Health reported to U.S. authorities that the data breach it suffered last November exposed personal information belonging to almost 2.4 million people. 

Integris Health data breach

February 13, 2024

Schneider Electric

Cactus ransomware claim to steal 1.5 TB of Schneider Electric data

Cactus Ransomware

The Cactus ransomware gang claimed they stole 1.5 TB of data from Schneider Electric after breaching the company's network last month. 25MB of the allegedly stolen data was also leaked on the operation's dark web leak site as proof of the threat actor's claims, together with snapshots showing several American citizens' passports and non-disclosure agreement document scans.

Schneider Electric data breach

February 20, 2024

Prince George’s County Public Schools (PGCPS)

DC-area school system says data of 100,000 people affected in ransomware attack

Unknown

Prince George’s County Public Schools (PGCPS) in the Washington, D.C., suburbs said the personal information of nearly 100,000 people was breached by a ransomware gang right before classes started in the fall. According to a regulatory filing, the district school determined that “personal information was included in the potentially impacted data set.”

Prince George’s County Public Schools data breach 

February 22, 2024

Indian immigration department and other government and private organisations from S.Korea, Hong Kong, Kazakhstan, Malaysia, Mongolia, Nepal and Taiwan 

Leaked files from Chinese firm show vast international hacking effort

Suspected Chinese state-linked hackers 

A trove of leaked documents from a Chinese state-linked hacking group allegedly show that Beijing’s intelligence and military groups are attempting large-scale, systematic cyber intrusions against foreign governments, companies and infrastructure — with hackers of one company claiming to be able to target users of Microsoft, Apple and Google as the cache — containing more than 570 files, images and chat logs — offers an unprecedented look inside the operations of one of the firms that Chinese government agencies hire for on-demand, mass data-collecting operations. 

Chinese data breach attack on Indian immigration department and on other large scale government and private companies

February 22, 2024

Indian PMO and EPFO

Indian authorities investigate data breach concerning PMO and EPFO

Unknown

Indian authorities are currently probing reports of a potential data breach implicating sensitive datasets from the Prime Minister’s Office (PMO) and the Employees’ Provident Fund Organisation (EPFO).

Data breach attack on Indian PMO and EPFO

February 22, 2024

U-Haul

U-Haul says hacker accessed customer records using stolen credentials

Unknown

U-Haul informed customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations, and the breach exposed customer records that include personal information but payment details have not been impacted.

U-Haul data breach

February 27, 2024

Pharmaceutical player Cencora

Pharmaceutical giant Cencora says data was stolen in a cyber attack

Unknown

Pharmaceutical giant Cencora said they suffered a cyber attack where threat actors stole data from corporate IT systems. The organisation said that data from its information systems had been exfiltrated, some of which may contain personal information.

Cencora data breach

February 29, 2024

Cutout.Pro, an AI-powered photo and video editing platform 

20 million Cutout.Pro user records leaked on data breach forum

'KryptonZambie' (on the BreachForums)

AI service Cutout.Pro suffered a data breach exposing the personal information of 20 million members, including email addresses, hashed and salted passwords, IP addresses, and names. A threat actor using the alias 'KryptonZambie' shared a link on BreachForums hacking forum to CSV files containing 5.93 GB of data stolen from Cutout.Pro.

Data breach attack on an AI-powered photo and video editing platform Cutout.Pro 

February 29, 2024

Golden Corral Restaurant

Golden Corral restaurant chain data breach impacts 183,000 people

Unknown

The Golden Corral American restaurant chain disclosed a data breach after attackers behind an August cyber attack stole the personal information of over 180,000 people. In a press release, the company said that attackers had access to its systems between August 11 and August 15 and stole the sensitive data of current and former employees and beneficiaries.

Golden Corral restaurant data breach


Back to Top 

New call-to-action

Back to Top 

New Ransomware/Malware Discovered in February 2024

New Malware

Summary

Source Link

new Ov3r_Stealer password-stealing malware

A new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency.

Facebook ads push new Ov3r_Stealer password-stealing malware

New RustDoor macOS malware

A new Rust-based macOS malware is spreading as a Visual Studio update to provide backdoor access to compromised systems using infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.

New RustDoor macOS malware impersonates Visual Studio update

Raspberry Robin malware

Check Point highlights that the new Raspberry Robin campaign leverages exploits for CVE-2024-36802, and CVE-2024-29360, two local privilege escalation vulnerabilities in Microsoft Streaming Service Proxy and the Windows TPM Device Driver.

Raspberry Robin malware evolves with early access to Windows exploits

Bumblebee malware

The Bumblebee malware has returned after a four-month vacation, targeting thousands of organisations in the United States in phishing campaigns.

Bumblebee malware attacks are back after 4-month break

RansomHouse gang’s new MrAgent tool

The RansomHouse ransomware operation has created a new tool named 'MrAgent' that automates the deployment of its data encryptor across multiple VMware ESXi hypervisors.

RansomHouse gang automates VMware ESXi attacks with new MrAgent tool

New TinyTurla-NG malware

Security researchers have identified and analysed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target’s network and to steal sensitive data.

Turla hackers backdoor NGOs with new TinyTurla-NG malware

New Migo malware

Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called ‘Migo’ to mine for cryptocurrency.

New Migo malware disables protection features on Redis servers

 Back to Top 

New call-to-action

Vulnerabilities/Patches Discovered in February 2024

Date

New Malware/Flaws/Fixes

Summary

Source Link

February 03, 2024 

CVE-2024-23832

Mastodon, the free and open-source decentralised social networking platform, has fixed a critical vulnerability that allows attackers to impersonate and take over any remote account.

Mastodon vulnerability allows attackers to take over accounts

February 04, 2024

CVE-2024-21626

CVE-2024-23651

CVE-2024-23652

CVE-2024-23653

Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system.

Leaky Vessels flaws allow hackers to escape Docker, runc containers

February 06, 2024

CVE-2024-23917

JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges. 

JetBrains warns of new TeamCity auth bypass vulnerability

February 06, 2024

CVE-2024-40547

A critical vulnerability in the Shim Linux bootloader enables attackers to execute code and take control of a target system before the kernel is loaded, bypassing existing security mechanisms.

Critical flaw in Shim bootloader impacts major Linux distros

February 07, 2024

CVE-2024-23108, CVE-2024-23109, CVE-2024-34992

Fortinet warned of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.

Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

February 07, 2024

CVE-2024-20252 and CVE-2024-20254

Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks.

Critical Cisco bug exposes Expressway gateways to CSRF attacks

February 08, 2024

CVE-2024-21762 / FG-IR-24-015

Fortinet warned that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. 

New Fortinet RCE flaw in SSL VPN likely exploited in attacks

February 12, 2024

CVE-2024-43770

CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks.

CISA: Roundcube email server bug now exploited in attacks

February 14, 2024

CVE-2024-24691

The Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network.

Zoom patches critical privilege elevation flaw in Windows apps

February 15, 2024

CVE-2024-22024, CVE-2024-46805, CVE-2024-21887, CVE-2024-21893, and CVE-2024-21888

Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched.

Over 13,000 Ivanti gateways vulnerable to actively exploited bugs

February 17, 2024

CVE-2024-50387

A serious vulnerability named KeyTrap in the Domain Name System Security Extensions (DNSSEC) feature could be exploited to deny internet access to applications for an extended period.

KeyTrap attack: Internet access disrupted with one DNS packet

February 17, 2024

CVE-2024-23476, CVE-2024-23479, CVE-2024-40057

SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.

SolarWinds fixes critical RCE bugs in access rights audit solution

February 27, 2024

CVE-2024-1709

The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability.

Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks

 Back to Top

New call-to-action

 

Warnings/Advisories/Reports/Analysis

News Type

Summary

Source Link

Report

An international law enforcement operation code-named 'Synergia' has taken down over 1,300 command and control servers used in ransomware, phishing, and malware campaigns.

Interpol operation Synergia takes down 1,300 servers used for cybercrime

Report

Secretary of State Antony J. Blinken announced a new visa restriction policy that will enable the Department of State to ban those linked to commercial spyware from entering the United States.

US announces visa ban on those linked to commercial spyware

Report

A threat group named 'ResumeLooters' has stolen the personal data of over two million job seekers after compromising 65 legitimate job listing and retail sites using SQL injection and cross-site scripting (XSS) attacks.

Hackers steal data of 2 million in SQL injection, XSS attacks

Warning

LastPass warned that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials.

Fake LastPass password manager spotted on Apple’s App Store

Report

South Korean researchers have publicly disclosed an encryption flaw in the Rhysida ransomware encryptor, allowing the creation of a Windows decryptor to recover files for free.

Free Rhysida ransomware decryptor for Windows exploits RNG flaw

Report

Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements.

FCC orders telecom carriers to report PII data breaches within 30 days

Report

The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation.

FBI seizes Warzone RAT infrastructure, arrests malware vendor

Report

LockBit is supposedly relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked its servers. It is threatening to focus more attacks on the government sector. The ransomware gang announced it was resuming the ransomware business and released damage control communication admitting that “personal negligence and irresponsibility” led to law enforcement disrupting its activity in Operation Cronos.

LockBit ransomware returns, restores servers after police disruption

Warning

Russian military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners.

Russian hackers hijack Ubiquiti routers to launch stealthy attacks

Report

U.S. President Joe Biden has signed an executive order that aims to ban the bulk sale and transfer of Americans' private data to "countries of concern" such as China, Russia, Iran, North Korea, Cuba, and Venezuela.

New executive order bans mass sale of personal data to China, Russia

Back to Top 

New call-to-action

Get Email Updates on our Latest News

Simply enter you details in the form below to subscribe:

  • Or call us on:
  • +44 (0) 203 189 1422