Tag: ransomware attack

  • Play Ransomware Claims Breach of Defense Contractor ADC Aerospace, Stealing Client Data

    The American manufacturer of aerospace and defense components ADC Aerospace has come under scrutiny following a potential cyberattack: a post on the underground leak site operated by the ransomware group Play claims that corporate data and customer documents have been compromised.

    According to the attackers’ publication, they allegedly obtained access to client documentation, budgetary and financial records, payroll data, identification documents, and other confidential personal information. No proof-of-compromise samples were provided, making it impossible at present to verify the authenticity of these claims. Such announcements often serve as an initial warning to a victim—an attempt to pressure the organization before formal ransom demands begin.

    If the breach is confirmed, the consequences for ADC Aerospace could be severe. Stolen data may surface on shadow marketplaces, where information concerning contractors in the U.S. defense sector is traditionally in high demand. Particularly troubling is the potential exposure of employee payroll records, which contain a rich set of personal identifiers that can easily facilitate identity theft.

    The combination of financial and personal data dramatically expands the threat landscape for social-engineering attacks. With such information in hand, attackers can craft highly credible narratives—posing as industry representatives—to gain deeper access to internal systems.

    The risks are amplified by ADC Aerospace’s position within global supply chains. The company supplies components to major industry players, including Northrop Grumman, Collins Aerospace, Philips, Honeywell, and other leading defense and aerospace firms—potentially broadening the network of affected partners.

    The Play group is considered one of the most active ransomware operations in recent years. In August, it claimed responsibility for an attack on Jamco Aerospace, a supplier of components for both civilian and military aircraft, serving clients such as the U.S. Navy, Boeing, and Northrop Grumman. Play has also been linked to attacks on the Palo Alto County Sheriff’s Office in Iowa, the Donald W. Wyatt maximum-security prison in Rhode Island, cloud provider Rackspace, the German hotel chain H-Hotels, and the French division of BMW.

    According to Adlumin, Play was among the first groups to adopt intermittent encryption, a technique in which only select segments of the file system are encrypted. This accelerates operational disruption and data extraction, and the method has since been adopted by other prominent ransomware collectives, including ALPHV/BlackCat, DarkBit, and BianLian.

    ADC Aerospace has not yet issued an official statement regarding the extortionists’ claims. As of publication, Cybernews was unable to obtain a response from the company.

  • Jackson County Hit by Ransomware: Services Disrupted

    Jackson County, a Missouri jurisdiction home to over 715,000 residents, fell victim to a ransomware attack that disrupted its tax payment system and online services, including property registration, marriage license issuance, and inmate searches.

    County officials reported “significant disruptions within its IT systems, potentially attributable to a ransomware attack.” While some systems were rendered inoperative, others continued to function normally. As a result of the incident, offices responsible for assessments, tax collection, and real estate transactions have been indefinitely closed.

    The cyberattack notably spared both the Kansas City Board of Elections and the Jackson County Election Board. Law enforcement and cybersecurity experts have been enlisted to mitigate the attack’s impact and restore system functionality.

    County employees are currently collaborating closely with cybersecurity partners to ascertain the incident’s cause and confirm the precise nature of the disruption. Although officials have yet to disclose whether the criminal group has identified itself or made ransom demands, measures are being taken to prevent the attack’s further spread.

    The closure of offices due to the incident is expected to have significant repercussions for residents facing difficulties. Authorities have pledged to keep the public informed as the situation evolves. The incident was detected by county employees on the morning of April 2. Jackson County is not the sole target of cyberattacks in Missouri over the past year: similar incidents have affected hospitals and transportation services.

  • Leicester Suffers Major Cyber Attack

    Authorities in Leicester, a city in Leicestershire, Britain, have reported a serious cyber incident that necessitated the temporary shutdown of the city’s operational systems and critical telephone lines.

    The disruption to services was first noticed on March 7, and the decision to temporarily disconnect was taken to avert potential adverse consequences.

    By March 8, local authorities officially labeled the emerging problem as a “cyber incident,” commonly understood to imply attacks involving malicious software, though no official confirmation has been made yet.

    Cybersecurity experts have speculated that the disruption might stem from a ransomware attack, but to date, no known ransomware groups have claimed responsibility for the incident.

    Leicester’s authorities assert they are collaborating with cybersecurity specialists and law enforcement to investigate the incident’s circumstances and restore system operations, with a particular focus on critical services.

    Some online forms for reporting child protection and accessing housing services became temporarily unavailable due to the attack, prompting the establishment of emergency telephone numbers. City officials have apologized for the inconvenience and vowed to minimize the impact on essential services.

    Eerke Boiten, a cybersecurity professor at De Montfort University in Leicester, highlighted that such cyberattacks are not uncommon for municipalities, and their repercussions can significantly hinder the everyday operations of city services. However, he expressed confidence in the Leicester City Council’s strong information management reputation, which could minimize potential damage from the compromise.

    Leicester is not alone in facing such threats: over the past year, several other British municipalities have fallen victim to similar attacks.

    Cyber incidents involving malicious software and ransomware always deal a serious blow to city services and critical municipal systems, directly affecting citizens’ lives by obstructing access to the everyday services they rely on.

    In addition to virtual attacks, Britain has recently seen an increase in physical assaults on network infrastructure, including the cutting of communication cables and vandalism of equipment. Affected internet providers attribute these incidents to mere vandalism, though such attacks may be conducted with deliberate and malicious intent.