Cybercrime , Fraud Management & Cybercrime
Breach Roundup: Activision, SAS, Dole, Atlassian, VGTRK
Incidents at Video Game Maker, Airline, Fruit Processor, SW and Broadcast CompaniesEvery week, Information Security Media Group rounds up cybersecurity incidents happening around the world. This week, we look at incidents affecing the maker of the video game Call of Duty, a Russsian broadcasting company, a renowned fruit and vegetable processor and Australian software maker Atlassian.
See Also: The Healthcare CISO’s Guide to Medical IoT Security
Activision Publishing
The Call of Duty video game maker confirmed to Insider Gaming a data breach in early December 2022, after hackers had gained access to the company's internal systems by tricking an employee with an SMS phishing text. The incident did not compromise game source code or player details but security research group Vx-underground says the threat actor "exfiltrated sensitive workplace documents" along with a content release schedule extending to Nov. 17, 2022.
Scandinavian Airlines - SAS
Hackers attacked Scandinavian Airlines and temporarily knocked out its website and mobile application. The airline says "some passengers' data became visible to other passengers who were active during the ongoing attack." A group that calls itself "Anonymous Sudan" claimed responsibility and took to a Telegram account to say the attack had been an act of retaliation for a January incident in which a Danish far-right politician burned a copy of the Quran outside the Turkish embassy in Stockholm.
Several other Scandinavian media and education outfits -including the Karolinska Institute, Swedish University Network and Lulea University of Technology - were hit by similar cyberattacks around the same time. And there were disruptions at Sweden’s national TV broadcasting company, SVT, on Feb. 15, possibly due to a distributed denial-of-service attack.
Dole
Fruit and vegetables processing giant Dole disclosed that the company had recently experienced a ransomware attack that has had "limited" impact on its operations. To contain the threat, a third-party cybersecurity team is working in partnership with Dole's internal teams round-the-clock to solve the issue and secure the systems. An apparent company memo posted on Facebook by a Texas grocery store indicates that Dole had to shut down processing and suspend shipments.
Atlassian
The Atlassian software company suffered a data leak after threat actors named "SiegedSec" posted apparent records of thousands of Atlassian employees, along with floor plans of the Australian company's offices. A review revealed that the hackers had obtained an employee credential through the third-party app Enjoy, which Atlassian uses to coordinate in-office resources. The employee mistakenly posted their credentials in a public repository, TechCrunch reported.
Envoy founder Larry Gadea tweeted that there is no evidence that the hackers have breached its internal systems. "We're investigating this right now and are not aware of any compromise to our systems. An API key associated with the customer was used to access data, much like any other customer or user would do as part of regular service," he wrote.
All-Russia State Television and Radio Broadcasting Co. - VGTRK
Russian state media websites broadcasting a speech by President Vladimir Putin on Tuesday reportedly experienced outages during the address. The All-Russia State Television and Radio Broadcasting Co. website and the Smotrim livestreaming platform where down for periods during the speech. A message on the All-Russia website said that "technical works were being carried out."