Dragonfire Cyber announced today that it had discovered an
apparently new Chinese cyber threat group, Meiyou Tuihuo – NoReturn. Dade Murphy,
President and CTO for Dragonfire, told reporters: “We have found unique
software tools and attack methods associated with a recent attack on a medical
supply company here in the US. The ransomware screen associated with the attack
was signed by “Méiyǒu Tuìhuò” which translates as ‘no returns’, an apparent
reference to the company’s plans to move their manufacturing base back to the
United States.”
According to Murphy, the attack was initiated by one or more
phishing attacks. The NoReturn group was active on the company network for more
than a month before the ransomware attack was initiated across nearly every
US-based computer in the company. The company paid the 1,000 bitcoin ransom and most
of the company files were released.
As Dragonfire searched company files as part of its
investigation, it found that many files were essentially empty folders; the
contents had been erased. All of the missing documents were related to plans to
move the company’s manufacturing of medical supplies back to the United States.
This included all engineering files for restarting their closed facilities in
Delano, GA.
“This is a new phase of ransomware attacks,” Murphy told
reporters. “We have seen attackers stealing data in association with ransomware
attacks, but never this sort of targeted data destruction. It seems clear that the
NoReturn group is operating at a new level of economic warfare.”
The Federal Bureau of Inquiry is investigating this attack
as are a variety of intelligence agencies, according to FBI spokesman Johnathan
Quest.