Cyber Security Headlines: Lazarus hit CoinX, Thailand’s CardX breach, trucking software attack

Lazarus Group suspected in CoinEx robbery

The theft of $31 million in digital assets from the CoinEx exchange that occurred on September 12 and that we reported on on Thursday has not been confirmed by at least three independent authorities to have been the work of the North Korea-linked Lazarus Group. The smoking gun in this case was an address that had been used by the group in a previous crypto theft. Analysts from the blockchain security firm Elliptic suggest that these latest attacks are an indication of the group’s “shift in focus from decentralized services to centralized ones…likely motivated by improvements in smart contract auditing and development standards in the DeFi space and increased access offered by centralized exchanges via social engineering attacks.”

(The Hacker News)

Thailand financial company CardX discloses leak

The CardX company is part of Thailand’s SCB X group, which itself is a holding company for The Siam Commercial Bank Public Company. On Friday CardX announced a cybersecurity incident that exposed personal loan and cash card applications. The company emphasized that this information cannot be used for financial transactions, but warned customers to be wary of suspicious communications. It emphasized also that the incident was “unrelated to the information systems of Siam Commercial Bank or any other companies in their group.”

(Security Affairs)

Ransomware hits trucking software provider

New Jersey-based ORBCOMM on Friday disclosed a ransomware attack that occurred on September 6 that impacted their FleetManager platform and BT product line. ORBCOMM provides, among other things, electronic logging device systems that are required by the U.S. Department of Transportation to monitor drivers’ driving time. The disruption has forced drivers to return to paper logbooks. At Friday’s announcement, the company would not say which ransomware group was behind the incident or whether a ransom would be paid.

(The Record)

Iranian espionage campaign focused on satellite and defense sectors

According to a report from Microsoft posted Thursday, a group named Peach Sandstorm used spray attacks on thousands of organizations in a campaign that ran from February to July. Although password spray attacks are relatively easy to detect, Microsoft is expressing concern about the group’s potential ability to deploy more sophisticated methods once they gain access. 


Thanks to this week’s episode sponsor, Hyperproof

Tired of managing risk and compliance in spreadsheets? Sick of tracking down stakeholders to find evidence? Worried about whether that evidence is up to date for your next audit? Hyperproof has you covered. With Hyperproof, you can efficiently manage multiple compliance frameworks and risks in a single place so you can focus on what matters most: keeping your company secure and growing. Visit to get a demo.

Colombian government ministries suffer from cyberattack on their network provider

In Colombia, several government ministries, including the Ministry of Health and Social Protection, the Judiciary Branch and the Superintendency of Industry and Commerce are dealing with a cyberattack on their provider IFX Networks Colombia. This is affecting court dates and is forcing the Ministries to work out alternative methods for delivering their services. Although no group has yet claimed responsibility, experts are seeing strong similarities in the ransom note to one used by the RansomHouse group on Colombian healthcare provider Keralty last November.

(The Record)

North Carolina hospitals suffer from Clop-MoveIt campaign

Nuance, a healthcare technology company owned by Microsoft, has confirmed the theft of personal data from 13 North Carolina hospital groups related to the ongoing MOVEIt campaign, and driven by the Clop group. The data stolen includes patients’ demographic information and the services they received. Nuance addressed and fixed the issue immediately upon learning about the flaw from Progress on May 31, but they warn patients and others to be wary of suspicious activity. The hospital groups affected are:

(Security Affairs)

Last week in ransomware

Obviously the story of the week last week was the attacks on the MGM and Caesars casino chains in Las Vegas. Caesars paid the ransom demand, after negotiating it down to $15 million from $30 million, according to the Wall Street Journal. The attacks were conducted by BlackCat/ALPHV ransomware affiliate Scattered Spider, exploiting 100 VMware ESXi servers. In addition to the police forces of Manchester, and ORBCOMM trucking software mentioned earlier, New Zealand’s Aukland Transportation Authority was hit last week and a new ransomware operation called 3AM was discovered finishing off a job that LockBit was blocked on.

(Bleeping Computer and Cyber Security Headlines)

Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.