30th December – Threat Intelligence Report - Check Point Research

Latest News on Key Cybersecurity Incidents

Clop Ransomware Zero-Day Vulnerability

The latest news on Clop ransomware involves its recent extortion campaign targeting 66 companies that were victims of its data theft attacks. The Clop ransomware gang has announced that these companies have 48 hours to respond to their demands [1]. Additionally, there have been reports of the Clop ransomware group exploiting a zero-day vulnerability in SysAid, a help desk software, to spread its malware [4].

Pittsburgh Regional Transit Ransomware Attack

Pittsburgh Regional Transit (PRT) was hit by a ransomware attack that disrupted its services and transit operations [3][5]. This attack highlights the growing focus of ransomware gangs on critical infrastructure systems that directly impact public life.

OtterCookie Malware and North Korea

There is no recent news specifically linking OtterCookie malware to North Korea. However, North Korea has been associated with several high-profile cyberattacks, including the $308 million cryptocurrency heist from the Japanese exchange DMM Bitcoin in May 2024 [1]. The specific details of OtterCookie malware and its connection to North Korea are not provided in the recent news sources.

Detailed Context

  • Clop Ransomware: The Clop ransomware gang has been active in extorting companies that were previously victims of its data theft attacks. This tactic of double extortion, where attackers steal data before encrypting it, has been a common strategy in recent ransomware attacks [2].

  • Pittsburgh Regional Transit: The ransomware attack on PRT underscores the vulnerability of critical infrastructure systems to cyber threats. Such attacks can have significant impacts on public services and daily life [3][5].

  • North Korean Cyberattacks: North Korea has been linked to several high-profile cyberattacks, including the DMM Bitcoin heist. However, there is no specific mention of OtterCookie malware in recent news sources [1].

Trustworthy Citations

  1. Bleeping Computer: Provides detailed information on the Clop ransomware gang's extortion campaign and its use of zero-day vulnerabilities [1].
  2. SC Media: Offers an in-depth analysis of ransomware trends in 2024, including the targeting of critical infrastructure and healthcare systems [2].
  3. Security Affairs: Reports on various cybersecurity incidents, including the Pittsburgh Regional Transit ransomware attack and ongoing RedLine information-stealing campaigns [4].

These sources provide comprehensive and reliable information on the latest cybersecurity incidents.