Top Cyber Attacks OF February 2024 – Devastating Organizations

In the ever-changing cybersecurity landscape, getting ahead of emerging threats is critical. As we delve into the cyber attacks of February 2024, it becomes clear that the digital domain is a war for bad actors looking to exploit weaknesses and disrupt systems. From complex ransomware operations to targeted phishing scams, the top cyberattacks this month highlighted the ongoing issues that individuals and organizations throughout the world confront.In this article we will explore the most prominent cyber attacks of February 2024 that made to headlines, delving into their techniques, consequences, and implications for the future of cybersecurity.

Some of the victims of cyber attacks of February 2024 include UnitedHealth, Axie Infinity co-founder’s personal accounts, Hewlett Packard Enterprise, AnyDesk, French healthcare payment service providers Viamedis and Almerys, Integris Health, Schneider Electric, Lurie Children’s Hospital, California Union, and Trans-Northern Pipelines. We will look into these cyber attacks as we move further in this article

Top Cyber Attacks OF February 2024

Let us travel into the cyber realm of February 2024 to discover the digital battlegrounds where malevolent players have unleashed their crafty strategies and disruptive maneuvers.

Now let us look into the cyber attacks which took place in the month of February 2024

Lurie Children’s Hospital – February 01, 2024

Threat Actors: Rhysida Ransomware Group

Due to the cyber attack, which occasionally caused delays in medical care and disrupted regular operations, Lurie Children’s Hospital was obliged to take its IT systems offline. According to the healthcare provider, the incident affected the hospital’s phone, email, internet, and MyChat platform access.

The ransomware Rhysida asks $3.6 million in exchange for the stolen data of minors.

California Union (SEIU 1000) – February 08, 2024

Threat Actors: Lockbit Ransomware Group

One of California’s biggest unions acknowledged that a cyber attack was causing network interruptions. The LockBit ransomware group claimed to have taken 308 gigabytes of data from the union, including financial records, employee salaries, Social Security numbers, and more.

California union confirms ransomware attack following LockBit claims.

Hyundai Motor Europe – February 08, 2024

Threat Actors: Black Basta Ransomware Group

Hyundai Motor Europe was the victim of a Black Basta ransomware assault, with the attackers claiming to have taken three terabytes of business data. An image supplied by the threat actors depicted lists of folders reportedly stolen from various Windows domains, including those of KIA Europe.

Hipocrate Information System (HIS) – February 11, 2024

Threat Actors – N/A

Out of 100 hospitals, 25 confirmed that their data had been encrypted by the attackers, and 75 other HIS-enabled healthcare facilities took their systems offline as a precautionary measure while the incident was examined. According to the Romanian Ministry of Health, the perpetrators demanded 3.5 BTC in ransom (approximately €157,000).

Fulton County, Georgia – February 11, 2024

Threat Actors: Lockbit Ransomware Group

The LockBit ransomware gang claimed responsibility for the recent cyber attack on Fulton County, Georgia, and threatened to reveal “confidential” records if the ransom was not paid. Hackers attacked the county’s systems over the last weekend of January, creating significant IT failures affecting phone, judicial, and tax services.

Trans-Northern Pipelines – February 13, 2024

Threat Actors: ALPHV/BlackCat Ransomware Group

Trans-Northern Pipelines (TNPI) has stated that its internal network was penetrated in November 2024 and that it is currently investigating claims of data loss made by the ALPHV/BlackCat ransomware group. The cyber attack affected a small number of internal computer systems, and the ransomware gang claimed its operators seized 183 GB of records from the company’s network.

PlayDapp – February 13, 2024

Threat Actors – N/A

The PlayDapp ecosystem’s cryptocurrency, PLA tokens, are worth approximately 1.79 billion. It is thought that hackers stole and mint these tokens using a stolen private key. 200 million PLA tokens, worth $36.5 million at the time, were reportedly created via an unauthorized wallet, and PeckShield, a blockchain security startup, said that the attacker might have done so by using a leaked private key.

Critical infrastructure software maker PSI Software SE – February 19, 2024

Threat Actors – N/A

PSI Software SE, a German software developer for complicated production and logistics operations, has revealed that it was subjected to a ransomware attack that affected its internal infrastructure. The attack led them to disconnect several their systems, including email, in order to reduce the danger of data loss.

Sony subsidiary Insomniac Games – February 23, 2024

Threat Actors: Rhysida Ransomware Group

Insomniac Games, a Sony company, sent data breach notification letters to workers whose personal information was stolen and released online following a November ransomware attack. In December, Sony announced that it was looking into the ransomware gang’s claims that it hacked Insomniac Games’ network and stole over 1.3 million files. After negotiations failed and the gaming studio refused to pay the $2 million ransom, Rhysida uploaded 1.67 TB of material on its dark web leak site.

Hessen Consumer Center – February 27, 2024

Threat Actors – N/A

The Hessen Consumer Center in Germany has been hit with a ransomware attack, causing IT systems to shut down and temporarily disrupting its availability. 

UnitedHealth – February 22, 26, and 28, 2024

Threat Actors: ALPHV/BlackCat Ransomware Group

The massive healthcare company UnitedHealth Group has revealed that following a cyberattack on the Change Healthcare platform by “nation-state” hackers, Optum, a subsidiary, was compelled to shut down IT infrastructure and a number of services. BlackCat claimed to have taken 6TB of data from Change Healthcare’s network, which belonged to “thousands of healthcare providers, insurance providers, pharmacies, etc.” in a statement that was posted on their dark web leak website.

AT&T – February 22, 2024

Threat Actors – Chinese Hackers

A nationwide cell phone outage affects AT&T customers; users of Verizon and T-Mobile are also impacted. Tens of thousands of AT&T users were left without service for hours, according to Downdetector.

Change healthcare – February 22, 2024

Threat Actors – BlackCat ransomware

Healthcare billing and data systems provider Change Healthcare, with headquarters in Nashville, Tennessee, has acknowledged that it is currently battling a cyberattack that has disrupted its network. On February 21, 2024, the attack was discovered, and swift action was done to control the situation and stop its effects.

Axie Infinity – February 22, 2024

Threat Actors – Unknown

Axie Infinity, a computer game, and its parent company, Ronin Network, were co-founded by a person who had about $10 million in cryptocurrencies taken from personal accounts. According to reports, Jeff “Jihoz” Zirlin’s wallets were hacked for 3,248 Ethereum tokens, or roughly $9.7 million. Zirlin acknowledged on social media that two of his accounts had been infiltrated.

Steel producer ThyssenKrupp – February 26, 2024

Threat Actor – Unknown

ThyssenKrupp, a massive steel company, has acknowledged that its Automotive division was compromised by hackers, necessitating the shutdown of IT systems in order to respond and contain the situation.

FCKeditor plugin – February 26, 2024

Threat Actor – Unknown

Threat actors compromised government and educational institutions throughout the globe by using a CMS editor that was shut down 14 years ago to taint search results with bogus websites or frauds. This effort is purportedly targeting educational institutions, including Purdue, MIT, Columbia University, and the University of Washington. The effort also targeted business and governmental websites that were still utilizing the out-of-date FCKeditor plugin, such as Yellow Pages Canada, and the government websites of Texas, Virginia, and Spain.

In summary, February 2024 saw a spike in sophisticated cyber attacks that went at vital infrastructures, companies, and people all across the world. The month highlighted the constantly changing threat faced by cyber adversaries, from ransomware operations that crippled critical services to supply chain hacks that compromised sensitive data. Malicious actors’ techniques are evolving along with technology, which highlights the critical necessity for strong cybersecurity protections and proactive defensive plans against these cyber attacks. To reduce risks and defend against future cyber attacks, diligence, cooperation, and investment in cybersecurity are still critical. In an increasingly linked world, the cyber attacks of February 2024 serve as a sobering reminder of the continual vigilance needed to preserve our digital assets and infrastructure.