vicesociety attacks Consejo Superior de

Incident Date: August 18, 2022

Overview

Title: vicesociety attacks Consejo Superior de

Victim: Consejo Superior de

Attacker: Vicesociety

Location: Vitoria-Gasteiz, Spain; Álava, Spain

First Reported: August 18, 2022

Consejo Superior de la Judicatura Targeted by Play Ransomware Group

About the Victim

The Consejo Superior de la Judicatura, a pivotal Colombian government entity tasked with overseeing the administration of justice, plays a crucial role in the appointment and promotion of magistrates, as well as the broader administration of the judicial system. Its official website serves as a vital resource for judicial information, including notices, lists of aspirants for magistrate positions, and updates on judicial terms.

Size and Industry Standout

The Consejo Superior de la Judicatura is a significant component of the Colombian government's justice administration, and its influence and role underscore its importance, particularly when weighing the impact of the ransomware attack it suffered.

Vulnerabilities

The Play Ransomware group, also identified as Playcrypt, targets organizations with identifiable security weaknesses. Their method involves exploiting known weaknesses, including exposed RDP servers and specific FortiOS vulnerabilities (CVE-2018-13379 and CVE-2020-12812), to infiltrate networks. Subsequently, they employ various techniques such as living-off-the-land binaries (LOLBins), Group Policy Objects, scheduled tasks, PsExec, and WMIC to distribute executables and take control of the internal network.

Mitigation Strategies

Organizations can mitigate the risk of ransomware attacks through several strategies: implementing multifactor authentication, adhering to the least privilege principle, enabling both logical and physical network segmentation, deploying attack surface management, securing domain controllers, maintaining offline and encrypted backups, and diligently tracking security patches along with software/OS updates.

The attack by the Play Ransomware group on the Consejo Superior de la Judicatura underscores the imperative for organizations to fortify their cybersecurity defenses. The exploitation of known vulnerabilities coupled with advanced evasion techniques by ransomware groups poses a significant threat to targeted entities. It is essential for organizations to remain vigilant about emerging threats and to adopt comprehensive security measures to safeguard against such attacks.

Sources

  • Consejo Superior de la Judicatura - Noticias
  • SOCRadar - Dark Web Profile: Play Ransomware. Available at https://www.socradar.com
