The Rhysida ransomware group has claimed responsibility for a recent cyberattack on China Energy Engineering Corporation (CEEC), a major state-owned energy conglomerate in China.
The notorious group has been actively attacking organisations worldwide and added CEEC to its growing list of victims on its Tor leak site. Its most recent victim is the British Library.
China Energy Engineering Corporation is one of the most prominent energy and infrastructure companies globally, participating in projects ranging from coal and hydropower to nuclear and renewable energy initiatives.
The Rhysida ransomware group revealed it had stolen troves of data from CEEC.
The Rhysida ransomware group claims to have stolen CEEC-owned data and is now auctioning it for 50 BTC. Interestingly, the group plans to sell the data to a single buyer and has announced its intention to release it over seven days.
This attack follows a joint Cybersecurity Advisory (CSA) issued by the FBI and CISA warning about Rhysida ransomware activity. The advisory is part of the broader #StopRansomware effort and details the group's tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs).
Rhysida ransomware has targeted organisations across various industries, including education, healthcare, manufacturing, information technology, and government. The group's operation involves exploiting external-facing remote services, such as VPNs and RDP, to gain initial access to target networks.
In addition, these threat actors use compromised credentials to authenticate themselves to internal VPN access points. Furthermore, the threat actors have exploited the Zerologon vulnerability (CVE-2020-1472) in Microsoft's Netlogon Remote Protocol through phishing attempts.
The Rhysida ransomware gang also relies heavily on living-off-the-land techniques, using the native network administration tools built into the operating system to carry out malicious operations. As of now, these cybercriminals have successfully targeted at least 62 companies, underlining their status as opportunistic attackers with a wide range of victims.
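As an added defender-side example (not code from the article or the CISA advisory), the following Python flags two documented Windows log traces of Zerologon (CVE-2020-1472) exploitation: Security Event ID 4742 showing a domain controller's machine account changed by ANONYMOUS LOGON, and System Event ID 5827 from a patched DC denying a vulnerable Netlogon secure channel. The DC names, the flattened event field names and the sample events are assumptions constructed for this demonstration.

```python
from dataclasses import dataclass

# Assumed DC machine-account names for the constructed sample environment.
DOMAIN_CONTROLLERS = {"DC01$", "DC02$"}


@dataclass(frozen=True)
class Finding:
    event_id: int
    target: str
    reason: str


def detect_zerologon_indicators(events, dcs=DOMAIN_CONTROLLERS):
    """Return a Finding for each event matching a known Zerologon indicator.

    events: iterable of dicts holding EventID plus the fields used below
    (an assumed flattened form of the Windows event XML; real collectors differ).
    """
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 4742:
            # Security log: "A computer account was changed". After a successful
            # Zerologon exploit the DC's own machine-account password is reset by an
            # unauthenticated caller, which shows up as subject ANONYMOUS LOGON.
            target = ev.get("TargetUserName", "")
            subject = ev.get("SubjectUserName", "")
            if target in dcs and subject.upper() == "ANONYMOUS LOGON":
                findings.append(Finding(eid, target,
                    "DC machine account changed by ANONYMOUS LOGON"))
        elif eid == 5827:
            # System log (source NETLOGON) on a patched DC: a vulnerable Netlogon
            # secure-channel connection from a machine account was denied.
            findings.append(Finding(eid, ev.get("SamAccountName", "?"),
                "patched DC denied a vulnerable Netlogon secure channel"))
    return findings


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 4742, "SubjectUserName": "ANONYMOUS LOGON", "TargetUserName": "DC01$"},
    {"EventID": 4742, "SubjectUserName": "svc_admin", "TargetUserName": "WS42$"},
    {"EventID": 5827, "SamAccountName": "DC02$"},
    {"EventID": 4624, "SubjectUserName": "jdoe", "TargetUserName": "jdoe"},
]

if __name__ == "__main__":
    for f in detect_zerologon_indicators(SAMPLE_EVENTS):
        print(f"[Event {f.event_id}] {f.target}: {f.reason}")
```

The benign 4742 (a normal administrator changing a workstation account) and the ordinary 4624 logon are deliberately left unflagged so the rule only fires on the DC-specific, anonymous-caller pattern.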
Finally, the Rhysida ransomware group remains a formidable adversary for every cybersecurity provider and organisation. Organisations and security experts should therefore step up their efforts to raise awareness and strengthen defences against such threats.