Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Search

Play Ransomware Claims Attack on MIPS Technologies

Pietro Melillo : 18 July 2024 12:20

In the last few hours, the Data Leak site of the ransomware gang Play Ransomware has published a new claim: the giant MIPS Technologies (www.mips.com) has been the victim of an attack.

Although the official publication is scheduled for July 19, 2024, the site has already made some details public, raising concerns among the company’s partners and customers.

Play Ransomware

Play Ransomware is one of the many ransomware gangs that have emerged in recent years. These criminal groups operate by encrypting victims’ data and demanding a ransom for restoration. Play Ransomware is distinguished by its strategy of publishing stolen data on Data Leak sites, increasing pressure on victims to pay the ransom. The gang recently denied offering the Ransomware-as-a-Service (RaaS) model, in which affiliates can use the ransomware in exchange for a share of the proceeds. This was clarified on their Data Leak site with a prominent notice, likely to avoid confusion and preserve their operational reputation.

SCONTO ESTREMO DEL 50% FINO AL 31 Dicembre sul corso Dark Web & Cyber Threat Intelligence in E-learning version

Il Dark Web e la Cyber Threat Intelligence rappresentano aree critiche per comprendere le minacce informatiche moderne. Tra ransomware, data breach e attività illecite, le organizzazioni devono affrontare sfide sempre più complesse per proteggere i propri dati e le infrastrutture. Il nostro corso “Dark Web & Cyber Threat Intelligence” ti guiderà attraverso i meccanismi e le strategie utilizzate dai criminali informatici, fornendoti competenze pratiche per monitorare, analizzare e anticipare le minacce.

Accedi alla pagina del corso condotto dall'Prof. Pietro Melillo sulla nostra Academy e segui l'anteprima gratuita.

Per un periodo limitato, potrai utilizzare il COUPON CTI-16253 che ti darà diritto ad uno sconto del 50% sul prezzo di copertina del corso
Per ulteriori informazioni, scrivici ad [email protected] oppure scrivici su Whatsapp al 379 163 8765.

Promo Corso CTI

Supporta RHC attraverso:


Ti piacciono gli articoli di Red Hot Cyber? Non aspettare oltre, iscriviti alla newsletter settimanale per non perdere nessun articolo.

Play Ransomware is known for exploiting vulnerabilities in public applications and using stolen account credentials to gain initial access to victims’ systems. A significant example is the exploitation of the “Citrix Bleed” vulnerability (CVE-2023-4966), which allowed the group to access sensitive information and conduct targeted attacks. Once access is obtained, the group uses a variety of legitimate but compromised tools to carry out its operations. Among these are PowerShell, Cobalt Strike, Mimikatz, and WinSCP, used for lateral movement, data exfiltration, and persistence within compromised networks.

Play Ransomware has hit over 300 organizations worldwide, including critical infrastructures and major cities like Oakland and Lowell, causing significant operational disruptions and the theft of sensitive data. The group tends to focus on small and medium-sized businesses, managed service providers, and government entities, with particular attention to North America and Europe. The group does not include ransom demands directly in the ransom notes but invites victims to contact them via email, usually with domains ending in @gmx.de. Payments are requested in cryptocurrencies, adding an additional layer of anonymity and difficulty for law enforcement to trace the funds.

MIPS Technologies: A Brief History

MIPS Technologies is a prominent name in the field of microprocessor technology. Founded in the 1980s, the company was a pioneer in the development of RISC (Reduced Instruction Set Computing) microprocessor architectures. These processors have found applications in various sectors, from embedded devices to servers and telecommunications systems.

Successes and Innovations

Over the years, MIPS has introduced numerous innovations that have revolutionized the world of microprocessor technology. Their RISC architectures have been adopted in a wide range of applications, demonstrating the effectiveness and flexibility of their designs. The company has continued to evolve, expanding its product portfolio and maintaining a prominent position in the global technology sector.

The Attack and Potential Consequences

According to information on the Play Ransomware site, the attack compromised an unspecified amount of sensitive data, including private and personal confidential documents, client documents, budgets, payrolls, accounting, contracts, tax information, IDs, and other financial information. The attack was added to the site on July 17, 2024, and the full publication is scheduled for July 19, 2024.

At the moment, we cannot accurately confirm the veracity of the breach, as the organization has not yet released any official press statement on their website regarding the incident. However, if confirmed, the data breach could include sensitive information about clients, internal details about ongoing projects, and other critical data.

Final Considerations

This article should be considered as an ‘intelligence source’ rather than a definitive confirmation of the data breach. The wait for an official statement from MIPS Technologies is crucial to verify the extent of the attack and understand the measures the company intends to adopt to mitigate the damage.

As is our custom, we always leave room for a statement from the company should they wish to provide us with updates on the matter. We will be happy to publish such information in a specific article highlighting the issue. RHC will monitor the evolution of the situation to publish further news on the blog, should there be substantial updates. If there are people informed about the facts who would like to provide information anonymously, they can use the whistleblower’s encrypted email.

Pietro Melillo
Head of the Dark Lab group. A Computer Engineer specialised in Cyber Security with a deep passion for Hacking and technology, currently CISO of WURTH Italia, he was responsible for Cyber Threat Intelligence & Dark Web analysis services at IBM, carries out research and teaching activities on Cyber Threat Intelligence topics at the University of Sannio, as a Ph.D, author of scientific papers and development of tools to support cybersecurity activities. Leads the CTI Team "RHC DarkLab"