Cuba ransomware actors, which have been active since 2019, continue to target U.S. entities in critical infrastructure, including financial services, government facilities, healthcare and public health, critical manufacturing and information technology. […] FBI and CISA added that the ransomware gang has modified its tactics, techniques and procedures since the start of the year and has been linked to the RomCom malware, a custom remote access trojan for command and control, and the Industrial Spy ransomware. The advisory notes that the group — which cybersecurity company Profero previously linked to Russian-speaking hackers — typically extorts victims by threatening to leak stolen data. While this data was typically leaked on Cuba’s dark web leak site, the group began selling stolen data on Industrial Spy’s online market in May this year. CISA and the FBI are urging at-risk organizations to prioritize patching known exploited vulnerabilities, to train employees to spot and report phishing attacks and to enable and enforce phishing-resistant multi-factor authentication.