ICBC ransomware attack and ChatGPT outage
ICBC suffers ransomware attack, OpenAI links ongoing ChatGPT outages to DDoS campaign and Google Ads CPU-Z malware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
See Infosec IQ in action
1. ICBC discloses ransomware attack that reportedly disrupted U.S. Treasuries
On November 8, the Industrial & Commercial Bank of China (ICBC) suffered a ransomware attack that disrupted its financial services. The attack specifically affected U.S. Treasury market trades and repo financing transactions. Equity traders also faced significant disruptions due to the bank’s ability to connect to DTCC/NSCC. ICBC responded by isolating the affected systems and launched an investigation with security experts.
2. OpenAI links recent ChatGPT outages to DDoS attacks
OpenAI has linked recent outages affecting ChatGPT and its developer tools to a Distributed Denial-of-Service (DDoS) attack. ChatGPT users faced sporadic access issues on November 8, receiving messages about the service being at capacity. Initially, OpenAI CEO Sam Altman attributed the problem to high interest in new features. However, the company later updated its incident report to reveal the outages happened due to a DDoS.
3. Threat actor abuses Google Ads to distribute malware-laden CPU-Z installer
Malwarebytes recently discovered a cyberattack using Google Ads to distribute a trojanized CPU-Z tool carrying the Redline malware. The campaign involved a fake Windows news site clone hosting the malicious ad. Users who clicked were led to download a signed CPU-Z installer embedded with malware. This installer launched the Redline Stealer, designed to steal sensitive data. Google has since removed these ads and acted against the accounts responsible.
4. Microsoft reveals hackers exploited zero-day flaw SysAid IT support in Cl0p ransomware campaign
SysAid has alerted its customers to patch their systems against a zero-day vulnerability exploited to deploy ransomware. Discovered after a tip from Microsoft, the flaw enables remote code execution where the threat actor behind the attack conducts a multi-stage attack using a WebShell and other payloads. The hacker is reportedly using this vulnerability to install Cl0p ransomware. SysAid advises updating to version 23.3.36 and conducting thorough network assessments to avoid further compromises.
5. North Korea hacking group blamed for infiltrating Macs with ObjCShellz malware
The North Korean-backed BlueNoroff group recently launched a new macOS malware targeting Apple customers. Dubbed ObjCShellz, it enables remote shell access on compromised devices. ObjCShellz impacts Intel and Arm Macs and executes commands on infected systems in the post-exploitation stage. Security analysts suggest this malware is part of a broader attack involving social engineering.
See Infosec IQ in action