Threat actors are using Hive ransomware variants to target the government, communication, critical manufacturing, information technology, and healthcare sectors.
Initial access is gained through phishing emails or by exploiting flaws in internet-facing applications.
The adversaries exfiltrate sensitive information before encrypting files and threaten to release the stolen data if the ransom is not paid.
Glesec Information Sharing Protocol
GLESEC CYBER SECURITY INCIDENT REPORTS are in compliance with the U.S. Department of Homeland Security (DHS) Traffic-Light Protocol (TLP).
Disclosure is Not Limited.
Limited Disclosure, Restricted Only to the Community.
Limited Disclosure, restricted to the Participant's Organization.
Not for Disclosure, Restricted/Classified - Only Shared with US DHS.