Svoboda Cybersecurity Brief June 07, 2025

Jun 07, 2025


New PathWiper Data Wiper Targets Ukrainian Critical Infrastructure

A new data wiper malware named PathWiper has been deployed against Ukrainian critical infrastructure, attributed to a Russia-linked APT. The malware corrupts critical NTFS structures (MBR, $MFT, $LogFile, $Boot) via a VBScript dropper, rendering systems inoperable. The attack mimics legitimate admin tools to evade detection.
Impact: Complete system destruction with no recovery option, aimed at disrupting operations.
Mitigation: Deploy Snort rules (provided by Cisco Talos) and monitor for suspicious admin tool usage.
Source: BleepingComputer

Kettering Health Confirms Interlock Ransomware Attack

Kettering Health, a major Ohio healthcare provider, confirmed an Interlock ransomware attack in May, resulting in 941 GB of stolen data, including patient records, payroll, and identity documents. The gang used NodeSnake RAT and ClickFix techniques for initial access.
Impact: Operational disruption (EHR downtime, canceled procedures) and sensitive data exposure.
Mitigation: Network segmentation, enhanced monitoring, and updated access controls.
Source: BleepingComputer

$10M Reward Offered for RedLine Malware Developer

The U.S. Rewards for Justice program is offering $10 million for information on Maxim Rudometov, developer of the RedLine infostealer malware. Rudometov, linked to Russian infrastructure, used aliases like “dendimirror” and laundered payments via cryptocurrency.
Source: DataBreaches

PowerSchool Hacker Pleads Guilty to Cyber Extortion

Matthew Lane, 19, pleaded guilty to hacking PowerSchool and a telecom, extorting $200,000 from the telecom and demanding $2.85M in Bitcoin from PowerSchool. Charges include aggravated identity theft and unauthorized access. Sentencing is set for September 11.
Source: DataBreaches

Optima Tax Relief Hit by Chaos Ransomware

Chaos ransomware leaked 69 GB of data from Optima Tax Relief, including sensitive client tax documents. The double-extortion attack involved encryption and data theft, posing high risk for identity theft.
Impact: Exposure of SSNs, addresses, and financial data.
Mitigation: Review endpoint security and restrict unauthorized admin tool usage.
Source: BleepingComputer

Cisco Patches Critical ISE Vulnerability

Cisco fixed a critical vulnerability (CVE unassigned) in Identity Services Engine (ISE) with a public PoC available. Exploits could allow remote code execution.
Impact: Potential RCE on unpatched systems.
Mitigation: Apply Cisco’s latest ISE patches immediately.
Source: SecurityWeek

HPE Fixes Critical StoreOnce Vulnerability

HPE addressed a critical flaw in StoreOnce backup systems (CVE unassigned) that could lead to unauthorized access or data manipulation.
Impact: Compromise of backup integrity.
Mitigation: Update to the latest StoreOnce firmware.
Source: SecurityWeek
