
FBI warns of 'dangerous' hacking campaign linked to North Korean attack group
The Federal Bureau of Investigation (FBI), in collaboration with the US Cybersecurity and Infrastructure Security Agency (CISA), has issued a joint cybersecurity advisory following a surge in confirmed victims of Play ransomware attacks in May. The FBI reports that these threat actors have impacted over 900 organisations across North and South America, as well as Europe, including businesses and critical infrastructure providers.
The updated advisory, released as part of the ongoing Stop Ransomware campaign, includes findings from new investigations this year that reveal an evolution in the cybercriminal group's tactics, techniques and procedures (TTPs). The advisory aims to inform organisations on how to defend against these attacks.
Who are the hackers, why this is dangerous and more details
According to the FBI advisory (via Forbes), Play is a closed ransomware group that operates independently to "guarantee the secrecy of deals" regarding exfiltrated data. Play ransomware is believed to be linked to Andariel, a North Korean state-sponsored attack group associated with the Democratic People's Republic of Korea's "Reconnaissance General Bureau." Researchers suggest Play is an "integral part" of Andariel's cyberattack arsenal, distributed by threat groups such as Balloonfly.
The hackers leave ransom notes with victims that do not include an initial demand or payment instructions. Instead, victims are directed to contact the attackers via email, often using unique German email domains. The FBI noted that some victims are contacted by telephone and threatened with data release to compel ransom payment.
Balloonfly has been implicated in multiple incidents involving Play ransomware deployment, primarily against businesses in the US and Europe, often using a malware backdoor to infect Windows systems.
Microsoft Threat Intelligence Center and Microsoft Security Response Center previously observed Play ransomware being deployed after attackers exploited a zero-day vulnerability in the Windows Common Log File System. This flaw was mitigated in April.
The FBI emphasizes that the Play ransomware campaign shows no signs of abating and urges organisations to enhance their defenses immediately.