From Chile to Argentina: Ransomware virus threatens Latin American telecommunications

Carding 4 Carders

First the Chilean army, then the GTD operator. Are these incidents related and what are the hackers trying to achieve?

Grupo GTD, a Chilean telecommunications company that serves customers across Latin America, has been hit by a massive cyberattack. The incident disrupted its IaaS ("infrastructure as a service") offering and caused outages of online resources.

The attack on GTD's systems began on the morning of October 23. Services such as the data center and voice over IP were affected as well, and the quality of the Internet connection degraded on all servers.

To prevent further spread of malware, the company's specialists were forced to completely disable the IaaS infrastructure.

Today, the Chilean Cyber Incident Response Team (CSIRT) officially confirmed that this is a ransomware attack. The CSIRT requested that all government agencies using GTD's IaaS services immediately notify the Government and scan their systems for compromise.

Although the exact name of the malware has not yet been disclosed, sources say that it is a previously unknown version of the Rorschach ransomware. This ransomware was first discovered by Check Point researchers in April 2023 while investigating a cyberattack on a major American firm.

According to experts, Rorschach is a very complex and fast-acting ransomware. It can encrypt absolutely all files on a device in just 4 minutes and 30 seconds. So far, researchers have not been able to link it to any known group.

According to an official report, the hackers exploited DLL side-loading weaknesses (substituting DLL libraries) in legitimate programs from Trend Micro, BitDefender and Cortex XDR.

This made it possible to load into GTD systems a library that was in fact the Rorschach injector (loader). The injector then injected malicious code hidden in a file disguised as a configuration file named "config[.]ini". Once deployed, the ransomware silently began encrypting all data on the infected device file by file.

CSIRT also released technical details related to the attack. In particular, it named the executable files u.exe and d.exe from Trend Micro and BitDefender; the attackers used these legitimate programs to substitute libraries and launch the malware.

Earlier this year, a similar attack by the Rhysida ransomware was carried out against the Chilean armed forces. The hackers then stole and published more than 300 thousand confidential documents.

Representatives of Grupo GTD have not yet commented on additional details of the incident.
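The side-loading pattern described above (a legitimate vendor executable loading a substituted DLL dropped beside it) can be hunted for in endpoint image-load telemetry. The following detector is an added example, not code from the post or from CSIRT; the watchlist uses the u.exe and d.exe names given in the post, while the expected vendor install directories, the Sysmon Event ID 7 field layout and the sample records are constructed assumptions.

```python
from pathlib import PureWindowsPath

# Assumed watchlist: legitimate executables abused as DLL hosts (names from the post).
WATCHED_HOSTS = {"u.exe", "d.exe"}
# Assumed: directories where those vendors' signed binaries are expected to live.
EXPECTED_DIRS = (
    PureWindowsPath(r"C:\Program Files\Trend Micro"),
    PureWindowsPath(r"C:\Program Files\Bitdefender"),
)

def _under(path, root):
    """True if `path` lies inside directory `root`."""
    try:
        path.relative_to(root)
        return True
    except ValueError:
        return False

def suspicious_loads(records):
    """Return (record, reasons) for image loads that look like DLL side-loading."""
    hits = []
    for rec in records:
        image = PureWindowsPath(rec["Image"])
        dll = PureWindowsPath(rec["ImageLoaded"])
        if image.name.lower() not in WATCHED_HOSTS:
            continue
        reasons = []
        # A side-loaded DLL sits beside a copied host EXE, usually in a
        # user-writable directory rather than the vendor install tree.
        if dll.parent == image.parent and not any(_under(image, d) for d in EXPECTED_DIRS):
            reasons.append("host exe and DLL in same non-vendor directory")
        # The vendor's genuine DLLs carry a valid Authenticode signature.
        if rec.get("Signed", "false").lower() != "true" or rec.get("SignatureStatus") != "Valid":
            reasons.append("loaded DLL lacks a valid signature")
        if reasons:
            hits.append((rec, reasons))
    return hits

# Constructed Sysmon Event ID 7 style records (not real telemetry from the incident).
SAMPLE_RECORDS = [
    {"Image": r"C:\Program Files\Trend Micro\u.exe", "ImageLoaded": r"C:\Program Files\Trend Micro\vendor.dll", "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\Public\u.exe", "ImageLoaded": r"C:\Users\Public\vendor.dll", "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Windows\notepad.exe", "ImageLoaded": r"C:\Temp\x.dll", "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Program Files\Bitdefender\d.exe", "ImageLoaded": r"C:\Temp\helper.dll", "Signed": "false", "SignatureStatus": "Unavailable"},
]

if __name__ == "__main__":
    for rec, reasons in suspicious_loads(SAMPLE_RECORDS):
        print(rec["Image"], "->", rec["ImageLoaded"], "|", "; ".join(reasons))
```

Unwatched processes such as notepad.exe are ignored on purpose, so the rule stays narrow; widen WATCHED_HOSTS to the other vendor binaries present in your estate before deploying it.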