10 May 2024

6 min read

LockBit leader unmasked | Cyber Intelligence Briefing: 10 May


Top news stories this week

  1. Unmasked. Dmitry Khoroshev identified as LockBit leader and sanctioned.
  2. Take cover. MoD data breach exposes details of 270,000 UK service personnel.
  3. Trouble in Singapore. Law firm Shook Lin & Bok falls victim to Akira ransomware.
  4. Healthcare under fire. US healthcare giant Ascension and mobile healthcare provider DocGo suffer separate breaches.
  5. Don’t dellay. Dell confirms database hack allegedly impacting 49 million customer records.
  6. Insider threat. Consultant charged over USD 1.5 million extortion attempt on former employer.

1. Law enforcement unmask and sanction LockBit administrator LockBitSupp

The US, UK, and Australia have imposed sanctions on Dmitry Yuryevich Khoroshev, a Russian national identified as LockBitSupp, the leader of the prolific ransomware gang LockBit. The group was disrupted in February 2024 by a coordinated law enforcement operation, Operation Cronos, after which the number of LockBit attacks per month in the UK fell by 73%, according to the National Crime Agency.

LockBitSupp has denied that he is Khoroshev, and in retaliation the gang has listed a large number of unverified victims on its new dark web leak site.

So what?

Because paying a sanctioned individual or entity exposes victims, insurers and negotiators to liability under sanctions law, the designation of Khoroshev should significantly reduce future ransom payments to LockBit and cause major disruption to the group. We expect LockBit affiliates to attempt to join other ransomware operations.

[Researcher: David Broome] 


2. UK Ministry of Defence payroll data compromised in attack on private contractor

Details of 270,000 UK service personnel were accessed in a cyber attack on Shared Services Connected Ltd (SSCL), a contractor that manages payroll data for the UK Ministry of Defence (MoD). The data taken includes identities, bank details, addresses and national insurance numbers of past and present military personnel. While many reports allege that China is responsible for the incident, the UK government has yet to officially attribute the attack, and China has denied any involvement.

So what?

Organisations that outsource key systems holding sensitive data should carry out regular security assurance of those third parties and maintain effective vendor management, including clear contractual requirements for security controls and prompt breach notification.

[Researcher: Amy Gregan]


3. Investigation underway into ransomware attack at Singapore law firm

Singapore-based law firm Shook Lin & Bok is one of the latest organisations in the Asia Pacific region to fall victim to the Akira ransomware group. The firm says it has contained the incident and that client data is unaffected, but it is alleged to have paid the equivalent of USD 1.4 million for a decryptor.

So what?

Analysis of attack trends indicates that the Asia Pacific region is becoming an increasingly attractive target for ransomware groups. S-RM has recently launched a full-service cyber security offering, including incident response, in Asia, with offices in Hong Kong, Singapore and Kuala Lumpur.

[Researcher: Aditya Ganjam Mahesh]

4. Ascension hospitals hit by cyber attack as patient data stolen from other healthcare providers

Major US hospital operator Ascension has been hit by a cyber attack, causing widespread disruption to clinical operations. Separately, DocGo, a US-based mobile healthcare provider, has confirmed that patient data was stolen in a breach which impacted its US ambulance services business. In the UK, sensitive patient data from NHS Dumfries and Galloway, including records relating to children's mental health, has been leaked on the dark web following a cyber attack earlier this year.

So what?

Data breaches involving protected health information are likely to face tougher regulatory scrutiny, under HIPAA in the US and the UK GDPR in the UK. Organisations holding such data should ensure it is well protected, including by restricting access to it and encrypting it at rest.

[Researcher: Amy Gregan]


5. Dell confirms breach after hacker claims to have accessed 49 million customer records

US computer manufacturer Dell has notified customers that personal data, including names and addresses, may have been compromised in a data breach. Dell has not confirmed the source or scale of the breach, but last month a threat actor claimed to have stolen 49 million customer records in a dark web forum post which closely matched the impacted data.

So what?

Organisations should monitor database activity for suspicious patterns, such as bulk record enumeration or queries from unexpected accounts, and ensure that databases are not exposed to the internet unless this is strictly required.

[Researcher: James Tytler]
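One practical check behind the recommendation above is an audit of firewall or security-group rules for database ports that are open to the whole internet. The script below is an added example, not code from the briefing or from Dell; the rule list is constructed sample data in a simplified, hypothetical format (rule id, source CIDR, first port, last port) rather than the output of any real cloud provider's API, and the set of database ports is an assumption.

```python
"""Flag firewall / security-group rules that expose common database ports to the internet.

Added example (not from the briefing). SAMPLE_RULES is constructed sample data in a
simplified, hypothetical format; DB_PORTS is an assumed list of common listeners.
"""
import ipaddress

# Common database listener ports (assumption for this example; extend as needed).
DB_PORTS = {
    1433: "MSSQL",
    1521: "Oracle",
    3306: "MySQL/MariaDB",
    5432: "PostgreSQL",
    6379: "Redis",
    9200: "Elasticsearch",
    27017: "MongoDB",
}

# Constructed sample rules: (rule_id, source_cidr, from_port, to_port), ports inclusive.
SAMPLE_RULES = [
    ("sg-app-https", "0.0.0.0/0", 443, 443),        # web tier, fine
    ("sg-db-internal", "10.0.0.0/8", 5432, 5432),   # DB reachable from internal range only
    ("sg-db-public", "0.0.0.0/0", 5432, 5432),      # PostgreSQL open to the internet
    ("sg-mongo-v6", "::/0", 27017, 27017),          # MongoDB open over IPv6
    ("sg-allports", "0.0.0.0/0", 0, 65535),         # catch-all rule, exposes everything
    ("sg-office", "203.0.113.0/24", 3306, 3306),    # MySQL restricted to one source block
]


def is_internet_source(cidr: str) -> bool:
    """True if the source block is the whole IPv4 or IPv6 internet (prefix length 0)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.prefixlen == 0


def exposed_db_ports(rules):
    """Return [(rule_id, port, service)] for every DB port a rule opens to the internet.

    Port ranges are handled, so a catch-all 0-65535 rule reports every DB port.
    """
    findings = []
    for rule_id, src, lo, hi in rules:
        if not is_internet_source(src):
            continue
        for port, service in sorted(DB_PORTS.items()):
            if lo <= port <= hi:
                findings.append((rule_id, port, service))
    return findings


if __name__ == "__main__":
    for rule_id, port, service in exposed_db_ports(SAMPLE_RULES):
        print(f"{rule_id}: {service} (tcp/{port}) reachable from the internet")
```

Run against a real environment, the rule list would come from the cloud provider's or firewall's API; the logic is the same, and any finding is a database that should either be moved behind a private network or have its source restricted to known address ranges.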


6. Cyber consultant charged over USD 1.5 million extortion attempt 

An information security consultant has been charged with extortion after he attempted to obtain USD 1.5 million from his former employer to secure the deletion of confidential information he stole after being fired. Vincent Cannady, who reportedly worked for New York-based IT company Kyndryl, faces up to 20 years in prison if found guilty.

So what?

Organisations should implement robust off-boarding processes to prevent former employees from accessing sensitive documents after termination.

[Researcher: Waithera Junghae]



The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.
