Top news stories this week
- Fresh FortiBlood. UK Government credentials surface on the dark web.
- Disrupted. Authorities close in on criminal cyber networks.
- Consultants, compromised. Accenture confirms cyber incident after stolen data listed for sale.
- Vibe probing. Threat actors observed using AI tools.
- Vault breach. Deutsche Bank investigates supplier after stolen data surfaces on the dark web.
- Road to Data Breach. AssuranceAmerica confirms data breach that includes sensitive data.
1. UK Government credentials surface on the dark web
Russian-linked threat actors reportedly compromised email accounts belonging to UK government officials and Foreign Office personnel as part of the Fortibleed campaign, which exploited vulnerable Fortinet infrastructure to obtain valid credentials. The stolen credentials allegedly provide access to systems supporting government operations, critical national infrastructure, healthcare services, and national supply chains, with access being advertised for sale on dark web forums for up to GBP 44,000.
So what?
The sale of legitimate credentials significantly increases the risk of follow-on attacks. Organisations should ensure monitoring and detection capabilities are in place to identify misuse of compromised credentials and sensitive data exposure at the earliest opportunity.
[Researcher: Tlhalefo Dikolomela]
2. Authorities close in on criminal cyber networks
Canada’s Communications Security Establishment (CSE) conducted state-authorised cyber operations against multiple criminal groups, including a ransomware gang. The operations disrupted their infrastructure and deleted stolen ransomware data advertised on the dark web.
Separately, Spain's National Police have arrested a man suspected of being an active member of several pro-Russian hacktivist groups, including at least one that has been linked to a Russian state-backed threat actor. The groups are believed to be responsible for multiple cyberattacks targeting critical infrastructure across the United States and Europe.
So what?
Because arresting and prosecuting cyber criminals remains difficult, authorities target the infrastructure, recruitment, communications and revenue streams that enable these networks to operate at scale.
[Researcher: Milda Petraityte]
3. Accenture confirms cyber incident after stolen data listed for sale
IT Consulting giant Accenture has confirmed a cybersecurity incident after a threat actor offered allegedly stolen company data for sale on a cybercrime forum. While Accenture described the breach as an “isolated matter” with limited impact, the threat actor claims the data includes internal documents, credentials, and project information. The scope of the alleged breach remains unconfirmed.
So what?
Cybersecurity practitioners are encouraged to use short-lived credentials, rotate frequently, and securely store these secrets. Even security-focused technology providers can become targets and are not immune to these threat vectors.
[Researcher: Steve Ross]
4. Threat actors observed using AI tools
A 15-year old was arrested in Japan for allegedly using a ChatGPT-assisted program to carry out a sustained cyberattack against a media streaming service, gaining unauthorised access to member accounts and forcing account deletions at scale. Separately, a new phishing-as-a-service (PHaaS) operation was revealed to have combined adversary-in-the-middle (AiTM) attacks with AI-assisted lure generation.
SO WHAT?
AI-assisted tooling is lowering the skill threshold for attacks and continues to improve the apparent authenticity of phishing lures.
[Researcher: Lester Lim]
5. Deutsche Bank investigates supplier after dark web leak claim
The Unsafe ransomware group listed Deutsche Bank on its dark web leak site and published samples of allegedly stolen data. The exposed information reportedly included employee email addresses, password hashes, physical addresses and internal records. Deutsche Bank stated there was no indication its internal systems had been compromised and attributed the incident to a third-party provider operating a marketing platform for sales partners.
So What?
Organisations should validate such claims, assess potential exposure, and maintain strong oversight of suppliers that hold sensitive data
[Researcher: Gabriella Nolan]
6. Data breach at AssuranceAmerica exposes personal information such as driving licences
AssuranceAmerica disclosed a data breach that exposed the personal information of approximately 6.9 million individuals, including driver’s license numbers and other sensitive data. The incident occurred in mid-March, when unauthorized access to internal systems was discovered after attackers gained access through employee’s credentials likely through phishing or infostealer malware.
SO WHAT?
Credential theft is a commonly used initial access vector; the incident reinforces the need for strong identity security controls such as MFA, credential monitoring, and user awareness training.
[Researcher: Lena Krummeich]
