Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow
Play ransomware gang claims MyPillow breach; Silent Ransom Group escalates with in-person data theft.
Summary
A Russian-language ransomware operation called Play claims it breached MyPillow, stealing customer and financial records, and set a Friday deadline for payment before publishing data. Mike Lindell denied the hack as a political attack. Separately, the FBI warned that Silent Ransom Group is escalating tactics by sending operatives in person to company offices to steal data directly, marking a shift toward physical intrusions in ransomware campaigns.
Full text
The United States military has known for years that enemies could use location data to track troops’ phones—and it’s also long been aware of easy fixes for the problem. The Pentagon adopted almost none of these protections, though, in spite of admitting in a letter exposed this week that US adversaries are actually using the data to target soldiers in war. Meanwhile, US law enforcement warned this week about “anti-tech extremism” as AI backlash grows around the country.

After a nearly 90-day internet shutdown, connectivity started to trickle back into Iran this week amid internal political power struggles and ongoing negotiations with the US to end its war with Tehran. Researchers cautioned that it is unclear how extensive the restoration will be and whether connectivity will only return temporarily.

As cybercriminals and offensive hackers ramp up their use of AI to exploit vulnerabilities and develop hacking tools, the technology is also radically changing the dynamics of how security researchers hunt for vulnerabilities. And scammers are using real hotel reservation data and other travel details to conduct effective spear-phishing campaigns, potentially accessing customer data from 350 hotels and vacation rentals around the world.

And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow

Play, a Russian-language ransomware operation that has affected more than 900 organizations since 2022, posted to its dark-web leak site on Monday claiming it had pulled “private and personal confidential data, clients' documents, budget, payroll, IDs, taxes,” and other financial records from MyPillow.

The Minnesota-based home goods company is run by Mike Lindell, who is among at least 10 Republicans seeking the party’s nomination for governor of Minnesota in August’s primary. Lindell is also one of the most prolific backers of Donald Trump’s false claims of victory in the 2020 election.

Play reportedly set a Friday deadline for MyPillow to make contact before publishing the data online. Lindell told Straight Arrow News, which broke the story of the ransomware claims on Tuesday, that his company was not hacked and that allegations that it was are a political hit job.

“This is another hit job by outside sources because I’m running for governor,” Lindell said. “I guarantee it. We do not have any breaches in our data at all.”

Lindell has been on the losing end of two recent defamation rulings over his 2020 election claims: A federal jury in Colorado last year found that he had defamed Eric Coomer, a former Dominion Voting Systems director, and ordered Lindell and his media platform, FrankSpeech, to pay $2.3 million in damages; a federal judge in Minnesota separately ruled in September that Lindell had defamed Smartmatic through 51 false statements about its voting machines, with damages still to be set at trial.

A Ransomware Group Is Stealing Data in Person

In recent years, ransomware groups have become more aggressive and ruthless in their efforts to obtain money from victims. Most of these criminal hackers now focus on stealing data and extorting companies rather than using malware to lock computer systems. But on rare occasions, ransomware groups have been seen directly threatening executives, or contacting people named in stolen data, to try to obtain payment. The FBI said this week that one ransomware group is going even further: sending people to steal data directly from companies IRL.

Among more traditional social engineering techniques, the FBI says the Silent Ransom Group (SRG), which is targeting law firms, has sent people to company offices to gain direct access to computers. “By sending someone in person to the victim’s location to facilitate the intrusion, SRG actors exfiltrate data to an external hard drive or USB drive inserted by the threat actor into the victim’s computer,” the FBI said in an alert. Security researchers say the tactic has not been seen before. The FBI did not provide any information about who the Russian-speaking ransomware group was sending to conduct its attacks, but researchers believe they could be paying freelancers who do not necessarily know who they are working for.

BusPatrol School Bus Cameras Aim to Feed Surveillance Data to Cops

The AI surveillance company BusPatrol, which has installed its cameras in tens of thousands of US school buses, says that it will now turn those cameras into automatic license plate readers that will record the location of every vehicle a BusPatrol school bus passes and make the data available to law enforcement without a warrant. The initiative would turn the familiar yellow buses into what 404 Media aptly described as “roaming surveillance vehicles.” BusPatrol technology, and school bus surveillance tech more broadly, was originally intended to be used for ticketing vehicles that illegally pass stopped buses—a critical safety issue for children.

Dropping ShotSpotter Improved Chicago Police Response Times for 911 Calls

University of Chicago sociology professor Rob Vargas found this month that the Chicago Police Department was four minutes faster in responding to the most urgent non-gunshot 911 calls in the six-month period after Mayor Brandon Johnson shut down ShotSpotter gunshot detection tech in 12 neighborhoods in September 2024. Analyzing Chicago city data as well as data obtained through public records requests, Vargas compared the time period with the preceding six months during which ShotSpotter was still active. The data couldn’t be used to assess response times for calls specifically related to gunshots, but it indicated that ShotSpotter alerts may have been occupying officers with false positives and delaying them in responding to other types of critical 911 calls. “It is clear that ShotSpotter wasted officers’ time by sending them on wild-goose chases,” Vargas told WTTW News.
Indicators of Compromise
- threat actor — Play (Russian-language ransomware operation)
- threat actor — Silent Ransom Group (SRG)