September 29, 2023

The international charity Save the Children International confirmed that it was recently hit with a cyberattack after a ransomware group claimed to have breached the organization’s systems.

A spokesperson for the charity, which has been providing aid to children in developing countries for more than a century, said the hackers gained unauthorized access to parts of their network but did not say when the attack occurred. The organization has about 1,300 workers across 100 countries, and provided aid to 118 million children in 116 countries in 2022.

“There was no operational disruption and the organization continues to function as normal to build a better future for children around the world. We’re working hard with external specialists to understand what happened and what data was impacted so we can take all the appropriate next steps,” the spokesperson told Recorded Future News.

“This process is complex and takes time, but remains our absolute priority. Our systems are also secured, and we’re confident in the ongoing integrity of our IT infrastructure. These types of incidents are a reality that all organizations face, but it’s disappointing that Save the Children, whose core purpose is to help those most in need, can be subject to such unwarranted activity.”

The spokesperson added that the investigation is ongoing and that they’re working with law enforcement agencies, pledging that the organization “will unravel this.”

The attack came to light after the BianLian hacker gang boasted of stealing 6.8 TB of data from the organization, including personal information, financial data, healthcare information and emails.

BianLian has targeted the healthcare, education, insurance and media industries since at least December 2021. Little is known about where the group is based, but they made waves in March with an attack on a Spanish amusement park giant.

The gang shifted away from ransomware attacks after cybersecurity firm Avast released a decryptor in January that allowed victims to unlock their data without paying a ransom.

The group, however, was spotlighted by the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and Australian Cyber Security Centre (ACSC) in May after targeting multiple U.S. critical infrastructure sectors since June 2022.

The hackers also targeted critical infrastructure in Australia alongside several other industries, using valid Remote Desktop Protocol (RDP) credentials, open-source tools and more to exfiltrate data and extort money out of victims.

“BianLian group originally employed a double-extortion model in which they encrypted victims’ systems after exfiltrating the data; however, around January 2023, they shifted to primarily exfiltration-based extortion,” the agencies said.

“FBI, CISA, and ACSC encourage critical infrastructure organizations and small- and medium-sized organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of BianLian and other ransomware incidents.”

Save the Children previously dealt with a breach in July 2020 that was caused by an attack on one of its software vendors, Blackbaud. The hackers stole information on the charity’s supporters, including names, contact data and details about their donations to Save the Children.

Save the Children is just the latest major charity to face cyberattacks in the last year after both Amnesty International and the Red Cross suffered breaches. The Norwegian Refugee Council and The International Centre for Migration Policy Development have also faced attacks.

Jonathan Greig

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.