The Chilean Army has been hit by a major ransomware attack that compromised its internal network and exposed sensitive documents. The attack was carried out by the Rhysida ransomware group, which claims to be a cybersecurity team with a noble mission of helping victims secure their networks.
According to the Chilean Army, the security incident occurred last month and was quickly contained by its security team. The Army also notified the Computer Security Incident Response Team (CSIRT) of the Joint Chiefs of Staff about the incident. However, the Rhysida ransomware group has already published 30% of all the data they claim to have stolen from the Army’s network on their dark web data leak site. The leaked data includes around 360,000 documents related to the Chilean military sector.
The Rhysida ransomware group is a relatively new player in the ransomware scene, having emerged in May 2023. The group uses phishing campaigns and Cobalt Strike or similar C2 frameworks to infiltrate their targets’ networks and deploy their payloads. The group’s malware uses the ChaCha20 algorithm for encryption and launches a cmd.exe window upon execution. It also scans the local drives and drops PDF ransom notes that redirect the victims to the group’s Tor leak portal, where they can find the payment instructions.
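The behaviours described above (a cmd.exe window on execution, a sweep of local drives, PDF ransom notes dropped along the way) can be correlated in endpoint telemetry. The following is an added example, not part of the original article or any vendor's detection content; the event tuple format, the thresholds and the file name NOTE_PLACEHOLDER.pdf are constructed assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

EXE = r"C:\Users\a\Downloads\sample.exe"   # constructed image path
NOTE = "NOTE_PLACEHOLDER.pdf"              # placeholder, not a real indicator

# Constructed telemetry (not real logs): (seconds, pid, image, event, target)
EVENTS = [
    (0, 4120, EXE, "proc_create", r"C:\Windows\System32\cmd.exe"),
    (2, 4120, EXE, "file_create", "C:\\Users\\a\\Documents\\" + NOTE),
    (4, 4120, EXE, "file_create", "C:\\Users\\a\\Desktop\\" + NOTE),
    (6, 4120, EXE, "file_create", "D:\\Shares\\Finance\\" + NOTE),
    (8, 4120, EXE, "file_create", "D:\\Shares\\HR\\" + NOTE),
    (10, 4120, EXE, "file_create", "E:\\Backup\\" + NOTE),
    # Benign: a build tool opens cmd.exe and writes a single PDF.
    (3, 5500, r"C:\Tools\build.exe", "proc_create", "cmd.exe"),
    (5, 5500, r"C:\Tools\build.exe", "file_create", r"C:\Build\manual.pdf"),
    # Benign: an editor saves a PDF but never spawns cmd.exe.
    (7, 7001, r"C:\Office\editor.exe", "file_create", r"C:\Users\a\Documents\report.pdf"),
]

def find_note_droppers(events, min_dirs=4, window=60):
    """Flag pids that spawned cmd.exe and wrote one identically named PDF
    into at least min_dirs distinct directories within window seconds."""
    spawned_cmd = set()
    writes = defaultdict(list)  # (pid, pdf name) -> [(ts, parent directory)]
    for ts, pid, _image, kind, target in events:
        path = PureWindowsPath(target)
        if kind == "proc_create" and path.name.lower() == "cmd.exe":
            spawned_cmd.add(pid)
        elif kind == "file_create" and path.suffix.lower() == ".pdf":
            writes[(pid, path.name.lower())].append((ts, path.parent))
    hits = {}
    for (pid, name), recs in writes.items():
        if pid not in spawned_cmd:
            continue
        recs.sort(key=lambda r: r[0])
        for i, (start, _) in enumerate(recs):
            # Distinct directories touched inside the window opening at `start`.
            dirs = {d for t, d in recs[i:] if t - start <= window}
            if len(dirs) >= min_dirs:
                drives = sorted({d.drive.upper() for d in dirs})
                hits[pid] = {"note": name, "dirs": len(dirs), "drives": drives}
                break
    return hits

if __name__ == "__main__":
    print(find_note_droppers(EVENTS))
```

The rule keys on the repeated file name and directory spread rather than a known note name, so it does not depend on a published indicator; tune `min_dirs` and `window` against legitimate bulk PDF writers in your environment.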
The Rhysida ransomware group claims they are not motivated by money, but by a desire to help their victims improve their security posture. However, this claim is dubious at best, considering that they are extorting their victims for ransom and exposing their confidential data online. The Chilean Army has not disclosed whether it has paid any ransom to the attackers. The government has also arrested an Army corporal for his alleged involvement in the ransomware attack.