EclecticIQ

Johnson Controls Ransomware Attack; Lazarus LinkedIn Attack; NATO Cyber Breach

This issue of the Analyst Prompt addresses a ransomware attack against Johnson Controls, a patient data breach at McLaren Health Care, a zero-day vulnerability affecting Exim, a LinkedIn attack by Lazarus against an aerospace firm, and the second NATO cyber breach claimed by SiegedSec.

Ippolito Forni October 11, 2023

tap 19 - 2023

Johnson Controls Faces Major Ransomware Attack; Dark Angels Group Demands $51 Million

Johnson Controls International, a major multinational conglomerate that produces industrial control systems, security equipment, and more, has been hit by a ransomware attack. The attack encrypted numerous company devices, including VMware ESXi servers, disrupting the operations of both the main company and its subsidiaries. The breach reportedly began at the company's Asia offices. Following the attack, many of its subsidiaries displayed technical outage messages on their websites. The Dark Angels ransomware group is believed to be behind the attack, demanding a $51 million ransom and claiming to have stolen over 27 TB of corporate data. Johnson Controls has acknowledged the cybersecurity incident and is working with external experts to investigate. [1]

ALPHV/BlackCat Ransomware Targets McLaren Health Care, Claims Breach of 2.5 Million Patients' Data

The ALPHV/BlackCat ransomware gang has targeted McLaren Health Care in Michigan, USA, claiming to have stolen data from 2.5 million patients. The gang accuses McLaren of trying to hide the breach and asserts that they still have access to the organization's network. The group's message suggests that McLaren attempted to negotiate with them and downplayed the breach's severity. The ALPHV ransomware group has been active in recent weeks, targeting various entities, including Clarion and the Motel One hotel chain. Since its inception in November 2021, the gang has attacked numerous organizations, demanding ransoms ranging from thousands to millions of dollars. [2]

Unpatched Exim Vulnerability Exposes Over 3.5 Million Servers to Remote Code Execution

A critical zero-day vulnerability, identified as CVE-2023-42115 with a CVSS score of 9.8, affects all versions of the Exim mail transfer agent (MTA) software. It allows remote attackers to execute arbitrary code on affected Exim installations without authentication. The flaw is an out-of-bounds write in the SMTP service: user-supplied data is not properly validated before use, so it can be written past the end of a buffer. An anonymous researcher disclosed the flaw through Trend Micro's Zero Day Initiative (ZDI) on June 6, 2022, and ZDI reported it to the vendor on June 14, 2022. Despite more than a year having passed since the disclosure, the vulnerability remains unpatched. As of the report, over 3.5 million Exim servers are exposed online. The only suggested mitigation is to restrict access to the application to trusted networks, since the SMTP service is reachable before any authentication takes place. [3]

Lazarus Group's Stealthy LinkedIn Attack on Spanish Aerospace Firm Unveiled

ESET researchers uncovered a cyberattack by the Lazarus group against a Spanish aerospace company. The attackers posed as Meta recruiters on LinkedIn, using job offers to lure employees. The actor delivered malicious executables via ISO images hosted on third-party cloud storage and masqueraded as coding challenges. The primary tool used was an HTTP(S) downloader named NickelLoader, which subsequently deployed a new remote access trojan (RAT) called LightlessCan. This RAT mimics native Windows commands, enhancing its stealth. The attack underscores the continuous evolution of Lazarus's tactics and the need for heightened awareness of unsolicited messages. [4]

NATO Faces Second Alleged Cyber Breach by Hacktivist Group SiegedSec

NATO is investigating claims by the hacktivist group SiegedSec that they breached NATO's computer systems for the second time in three months. SiegedSec alleges they stole around 3,000 NATO documents, amounting to over nine gigabytes of data. In response, NATO has implemented additional cybersecurity measures, emphasizing that there has been no impact on its missions or operations. In July, SiegedSec claimed to have stolen 700 files from a NATO portal. The group, which emerged on Telegram in April 2022, has a history of politically motivated attacks and denies any state affiliations. They have targeted various entities, from state websites to satellite receivers, often citing political motivations. Recently, the group has hinted at connections with other cybercrime groups involved in extortion activities. [5]

Structured Data

Find the Analyst Prompt and earlier editions in our public TAXII collection for easy use in your security stack: https://cti.eclecticiq.com/taxii/discovery.

Please refer to our support page for guidance on how to access the feeds.

About EclecticIQ Intelligence and Research

EclecticIQ is a global provider of threat intelligence, hunting and response technology and services, headquartered in Amsterdam. The EclecticIQ Intelligence and Research team is made up of experts from Europe and the U.S. with decades of experience in cyber security and intelligence in industry and government.

We would love to hear from you. Please send us your feedback by emailing us at research@eclecticiq.com or fill in the EclecticIQ Audience Interest Survey to drive our research toward your priority area.

Appendix

[1] "Building automation giant Johnson Controls hit by ransomware attack," BleepingComputer. Accessed: Oct. 09, 2023. [Online]. Available: https://www.bleepingcomputer.com/news/security/building-automation-giant-johnson-controls-hit-by-ransomware-attack/

[2] P. Paganini, "BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care," Security Affairs. Accessed: Oct. 09, 2023. [Online]. Available: https://securityaffairs.com/151748/cyber-crime/mclaren-health-care-blackcat-ransomware.html

[3] P. Paganini, "A still unpatched 0-day RCE impacts more than 3.5M Exim servers," Security Affairs. Accessed: Oct. 09, 2023. [Online]. Available: https://securityaffairs.com/151693/hacking/cve-2023-42115-exim-mail-transfer.html

[4] "Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company," ESET WeLiveSecurity. Accessed: Oct. 09, 2023. [Online]. Available: https://www.welivesecurity.com/en/eset-research/lazarus-luring-employees-trojanized-coding-challenges-case-spanish-aerospace-company/

[5] A. J. Vicens, "NATO investigating breach, leak of internal documents," CyberScoop. Accessed: Oct. 09, 2023. [Online]. Available: https://cyberscoop.com/nato-siegedsec-breac/

© 2014 – 2024 EclecticIQ B.V.