Luke Connolly
lukeconnolly.bsky.social
Emsisoft Threat Analyst
Opinions are my own
Scattered Spider is believed based in the US & UK with social engineering attacks on UK retail (M&S, Harrods) and US Insurance (Aflac). Whispers say they may be behind attacks on WestJet & possibly even Hawaiian Airlines.

www.cbc.ca/news/canada/...
WestJet cyberattack remains unresolved one week in, airline says operations unaffected | CBC News
WestJet says a cyberattack that began last week remains unresolved, as questions linger about the nature and fallout of the breach.
June 27, 2025 at 3:59 PM
Starkville Utilities in MI files a Data Breach Notification with the Maine AG more than 6 months after the initial Oct '24 discovery of unauthorized activity. Surely we can do better than to take 6 months to notify those impacted?
May 7, 2025 at 12:44 PM
Elmore County ID has filed a Notice of Data Security Incident with the Idaho AG 3 weeks after the Apr. 15 discovery of unauthorized access. 3 week turnaround is pretty good. Waiting 12+ months to notify those impacted, as some orgs do, is shameful.
May 7, 2025 at 12:34 PM
The City of Abilene, TX filed a Data Security Breach Report with the Texas AG two weeks after a network outage. TWO WEEKS is an awesome turnaround for notifying those impacted! Some orgs take a YEAR or more to notify!!!

www.darkreading.com/vulnerabilit...
City of Abilene Goes Offline in Wake of Cyberattack
The Texas municipality is following its incident response playbook as it works with a third-party to investigate the scope and scale of the attack.
May 7, 2025 at 12:14 PM
Frio County, TX today filed a Data Security Breach Report with the Texas AG.
April 24, 2025 at 2:04 PM
Lampasas County, TX today filed a Data Security Breach Report with the Texas AG.
April 24, 2025 at 1:59 PM
Criminal group Qilin are up to their old tricks, claiming to have stolen 50 GB of data from Bertie County Public Schools, comprising 7 schools in NC.
April 17, 2025 at 1:20 PM
Cybercriminals Qilin are low on caffeine today. They claim a breach of Nelson University (nelson.edu) in TX, or Nelson.com, which sells to EDU, based in Ontario ... their data has both. First seen in 2022, Qilin clearly needs some time off.
April 17, 2025 at 9:46 AM
Criminal group Medusa claims to have stolen 500GB of data from Pawnee Heights Unified School District in KS, demanding $160k ransom. More on Medusa from CISA.gov: www.cisa.gov/news-events/...
April 16, 2025 at 10:21 AM
Fall River Public Schools, comprising 17 schools in MA, is facing a network outage, with ransom attack claimed by cybercriminal group Medusa. Read more about the group: www.cisa.gov/news-events/...
April 14, 2025 at 10:31 AM
Cybercriminal group Interlock claims to be behind the breach of the Cherokee County School District in SC, first announced in mid-March. Since appearing in Sept '24, Interlock has multiple schools and local governments among their two dozen victims.
April 4, 2025 at 1:32 PM
Criminal group Rhysida claims to have stolen data from Okeene Public Schools in OK, demanding 5 bitcoin (~$85k) ransom. More on Rhysida: www.cisa.gov/news-events/...
March 25, 2025 at 11:10 AM
Austintown Local School District in OH has had personal info of approx. 180 students compromised as a result of a phishing incident. WFMJ-TV has the story: www.wfmj.com/story/525997...
March 21, 2025 at 10:01 AM
Criminal group Medusa claims to have stolen 205 GB of data from Big Horn County School District #4 in Wyoming. Read about Medusa here: www.cisa.gov/news-events/...
March 20, 2025 at 6:16 PM
Criminal group Cloak claims to have stolen data from the Office of Attorney General of Virginia.
March 20, 2025 at 6:11 PM
Criminal group Cloak claims to have stolen data from Baltimore City Public Schools, a district that operates 154 schools.
March 20, 2025 at 6:07 PM
Fog ransomware group claims to have stolen data from Newtown Friends School in PA
March 20, 2025 at 6:01 PM
Threat actor Qilin pressures Cleveland Municipal Court, breached 3 wks ago, with a post on their dark website. Emerging in 2022, Qilin has been consistently active this year and last with over 300 victims to date. More here: www.hhs.gov/sites/defaul...
March 19, 2025 at 11:48 AM
New criminal group - VanHelsing - appears and claims their first victim: City of Bellville, Texas
March 17, 2025 at 5:04 PM
Yesterday criminal group Babuk claimed to have breached the Florida DOT. At least they were honest enough to admit that they STOLE 800GB of data, rather than claiming pentesting BS. This has been their busiest month since first appearing in 2021.
March 17, 2025 at 11:03 AM
Criminal group RansomHouse claims to have stolen 1.5 TB of data from The Loretto Hospital in Chicago.
March 10, 2025 at 2:07 PM
New ransomware group appears (CrazyHunter), and 5 of their first 5 victims are in Taiwan. I wonder where CrazyHunter hails from?
March 9, 2025 at 6:10 PM
Hancock Public School in MN is the latest US K12 to fall victim; criminal group Interlock claims to have stolen 120 GB of data.
March 7, 2025 at 11:04 PM
At least 34 School Districts and 4 ESDs comprising an additional 60 SDs have been affected by the Carruth Compliance Consulting breach, with 469 GB of data claimed to have been stolen by new criminal group Skira. Supply chain attacks are devastating to K12!
March 7, 2025 at 12:51 PM
A new criminal group - Skira - emerged yesterday claiming 5 victims, including Carruth. Is there a relationship between these 2 breaches? Between RansomHub and Skira? When will spring finally arrive? Stay tuned
March 7, 2025 at 11:32 AM