Svoboda Cybersecurity Brief April 21, 2025
Apr 21, 2025
Chinese Ghost Hackers Target Hospitals and Factories in the U.S. and U.K.
A Chinese cybercrime group, Ghost, is conducting ransomware attacks against hospitals, factories, and government offices in the U.S. and U.K. The group, which is financially motivated and not state-sponsored, has rebranded multiple times (previously known as Cring, Crypt3r, and Hello) to evade detection. Victims include critical infrastructure sectors like energy and healthcare.
Source: DataBreaches.net
Behavioral Health Resources (BHR) Data Breach Affects 50K Patients
Behavioral Health Resources (BHR) in Washington has disclosed that 50,083 individuals were affected by a cyberattack detected in late 2024. The breach involved sensitive personal and medical data, though investigators could not confirm exfiltration. No ransomware group has claimed responsibility.
Source: DataBreaches.net
APT29 Deploys GRAPELOADER in Europe with Wine-Tasting Lures
APT29 (Cozy Bear), linked to Russia’s SVR, is using a new malware loader called GRAPELOADER in phishing campaigns against European diplomats. The attack mimics wine-tasting invitations and deploys malicious payloads via DLL sideloading (using “wine.zip”).
Impact: Diplomatic systems compromised, potential data theft.
Mitigation: Block domains (bakenhof[.]com, silry[.]com), monitor for suspicious DLL sideloading.
Source: The Hacker News