Ghostface Website Emerges as Global Cyber Threat Targeting Financial Institutions
WASHINGTON, D.C. — A newly identified cybercriminal platform, referred to as the ghostface website, has been linked to a series of coordinated cyberattacks on major financial institutions across North America and Europe over the past 48 hours.
WHAT: Security researchers have detected the ghostface website, a sophisticated darknet marketplace that facilitates the sale of stolen banking credentials and ransomware tools. The platform reportedly employs advanced encryption and anonymization techniques, making it difficult for law enforcement to trace.
WHO: The Federal Bureau of Investigation, alongside the European Union Agency for Cybersecurity, has issued a joint advisory. Cybersecurity firm Mandiant has identified the operation as the work of a new threat actor, designated as TA-Ghostface, believed to operate out of Eastern Europe.
WHEN: The first incident involving the ghostface website was reported on Tuesday, with the most recent attack occurring early Thursday morning, targeting a major multinational bank headquartered in London, resulting in a temporary suspension of online services.
WHERE: The ghostface website is hosted on a distributed network of servers spanning multiple countries, including the Netherlands and Ukraine. The attacks themselves have targeted at least seven banks in the United States, Canada, Germany, and the United Kingdom.
WHY: Preliminary analysis suggests the motive is financial gain, with the ghostface website seeking to profit from the sale of compromised data and ransomware payments. Authorities are investigating whether the platform is linked to state-sponsored activities.
A spokesperson for the FBI urged all financial institutions to review their cybersecurity protocols and avoid interacting with the ghostface website. The investigation remains ongoing.