OmniVision Technologies is a company that specializes in developing advanced digital imaging solutions. In 2023, OmniVision employed 2,200 people and had an annual revenue of $1.4 billion. OmniVision Technologies Inc. is an American subsidiary of Chinese semiconductor device and mixed-signal integrated circuit design house Will Semiconductor. The company designs and develops digital imaging products for use in mobile phones, laptops, netbooks and webcams, security and surveillance cameras, entertainment, automotive and medical imaging systems.
In 2023, the imaging sensors manufacturer was the victim of a Cactus ransomware attack.
“On September 30, 2023, OVT became aware of a security incident that resulted in the encryption of certain OVT systems by an unauthorized third party. In response to this incident, we promptly launched a comprehensive investigation with the assistance of third-party cybersecurity experts and notified law enforcement. At the same time, we took proactive measures to remove the unauthorized party and ensure the security of OVT systems.” reads the data breach notification. “This in-depth investigation determined that an unauthorized party took some personal information from certain systems between September 4, 2023, and September 30, 2023. On April 3, 2024, after completion of this comprehensive review, we determined that some of your personal information was involved.”
At this time, the number of impacted individuals is unclear.
The Cactus ransomware operation has been active since March 2023. Kroll researchers reported that the ransomware strain is notable for the use of encryption to protect the ransomware binary.
Cactus ransomware uses the SoftPerfect Network Scanner (netscan) to look for other targets on the network, along with PowerShell commands to enumerate endpoints. The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer; it also uses a modified variant of the open-source PSnmap tool.
The Cactus ransomware relies on multiple legitimate tools (e.g. Splashtop, AnyDesk, SuperOps RMM) to achieve remote access and uses Cobalt Strike and the proxy tool Chisel in post-exploitation activities.
Cactus uses the Rclone tool for data exfiltration and a PowerShell script called TotalExec, which was used in the past by BlackBasta ransomware operators, to automate the deployment of the encryption process.
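As an added example (not from this article or from Kroll's report), the sketch below shows how a defender could correlate the tools named above per host, alerting only when several stages of the chain appear within one time window rather than on any single legitimate tool. The match substrings, stage names, 24-hour window, threshold and sample events are assumptions constructed for illustration; Cobalt Strike is omitted because it has no fixed process name, and renamed binaries will not match.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Tool names come from the article; stage labels and substrings are assumptions.
STAGES = {
    "discovery": ("netscan", "psnmap"),
    "remote_access": ("splashtop", "anydesk", "superops"),
    "tunneling": ("chisel",),
    "exfiltration": ("rclone",),
    "deployment": ("totalexec",),
}

def classify(cmdline):
    """Return the stage whose tool substring appears in cmdline, else None."""
    low = cmdline.lower()
    for stage, needles in STAGES.items():
        if any(n in low for n in needles):
            return stage
    return None

def correlate(events, window=timedelta(hours=24), min_stages=3):
    """events: iterable of (iso_time, host, cmdline). Returns {host: stages}
    for hosts with at least min_stages distinct stages inside one window."""
    per_host = defaultdict(list)
    for ts, host, cmd in events:
        stage = classify(cmd)
        if stage:
            per_host[host].append((datetime.fromisoformat(ts), stage))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        best = set()
        for i, (start, _) in enumerate(hits):
            # Stages seen within `window` of this hit (sliding window start).
            seen = {s for t, s in hits[i:] if t - start <= window}
            if len(seen) > len(best):
                best = seen
        if len(best) >= min_stages:
            alerts[host] = sorted(best)
    return alerts

# Constructed sample process-creation events (not from a real incident).
SAMPLE = [
    ("2023-09-04T09:00:00", "FS01", r"C:\Users\Public\netscan.exe"),
    ("2023-09-04T09:40:00", "FS01", r"C:\ProgramData\AnyDesk.exe --service"),
    ("2023-09-04T11:15:00", "FS01", r"C:\Temp\rclone.exe copy D:\share remote:bk"),
    ("2023-09-04T10:00:00", "HELPDESK7", r"C:\Program Files\AnyDesk\AnyDesk.exe"),
    ("2023-09-01T08:00:00", "WS22", r"C:\Tools\netscan.exe"),
    ("2023-09-10T08:00:00", "WS22", r"C:\Tools\rclone.exe sync a b"),
    ("2023-09-20T08:00:00", "WS22", r"powershell -File TotalExec.ps1"),
]
```

On the sample, only FS01 alerts: HELPDESK7 runs a single remote-access tool, and WS22 shows three stages spread over weeks, outside the window.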
In early January, the Cactus ransomware group claimed to have hacked Coop, one of the largest retail and grocery providers in Sweden.
Pierluigi Paganini
(SecurityAffairs – hacking, data breach)