Hackers Exploited PAN-OS Flaw to Deploy Chinese Malware in Ransomware Attack

Summary: A ransomware attack attributed to RA World in November 2024 targeted an unnamed Asian software company, using espionage tools typically associated with China-based cyber groups. The incident raises questions about the crossover between espionage and financially motivated attacks, hinting at a lone threat actor possibly seeking supplemental income. In parallel, the Salt Typhoon group exploited Cisco vulnerabilities to breach multiple telecommunications networks worldwide, emphasizing the ongoing risks posed by such cyber threats.

Affected: Asian software and services company; U.S. and UK telecommunications providers; South African Internet service provider; Italian Internet service provider; Thai telecommunications provider.

Key points:

  • The RA World ransomware attack involved tools previously used in espionage, indicating a potential moonlighting scenario.
  • The attacker may have exploited a known vulnerability in Palo Alto Networks’ PAN-OS software to carry out the compromise.
  • Salt Typhoon targeted vulnerable Cisco devices globally, seeking to access sensitive telecommunications data.
  • Recommended mitigation includes applying security patches and securing network devices from unnecessary exposure.

Source: https://thehackernews.com/2025/02/hackers-exploited-pan-os-flaw-to-deploy.html