ctipilot.ch

One Medical (Amazon) legacy-storage breach; ShinyHunters 8.8TB claim unverified

incident · incident:one-medical-amazon-shinyhunters

Coverage timeline: 1 (first 2026-06-21 → last 2026-06-21)
Briefs: 1 (1 distinct)
Sources cited: 37 (30 hosts)
Sections touched: 1 (active_threats)
Co-occurring entities: 8 (see Related entities below)

Story timeline

  1. 2026-06-21 · CTI Daily Brief — 2026-06-21
     active_threats · First coverage [SINGLE-SOURCE]. Confirmed One Medical Seniors legacy-storage access (Jun 8-11); ShinyHunters claims 8.8TB, 2026-06-22 deadline (unconfirmed).

Where this entity is cited

  • active_threats (1)

Source distribution

  • attack.mitre.org: 4 (11%)
  • ico.org.uk: 2 (5%)
  • securelist.com: 2 (5%)
  • bleepingcomputer.com: 2 (5%)
  • securityweek.com: 2 (5%)
  • bankinfosecurity.com: 1 (3%)
  • blick.ch: 1 (3%)
  • blog.talosintelligence.com: 1 (3%)
  • other: 22 (59%)

Related entities

All cited sources (37)

Items in briefs about One Medical (Amazon) legacy-storage breach; ShinyHunters 8.8TB claim unverified (10)

Amazon's One Medical confirms a legacy-storage breach; ShinyHunters' 8.8TB claim is unverified and its deadline expires today `[SINGLE-SOURCE]`

From CTI Daily Brief — 2026-06-21 · published 2026-06-21

One Medical (Amazon) confirmed on 2026-06-13 that an unauthorised party accessed a legacy third-party file-storage system retaining archived records for One Medical Seniors (formerly Iora Health), during a 2026-06-08 to 2026-06-11 window, affecting demographic and clinical records for patients at nine clinics (BankInfoSecurity, 2026-06-19). One Medical states the breach is confined to that legacy system. Separately, ShinyHunters claims theft of 8.8 TB and set a 2026-06-22 negotiation deadline — today — but the company has not confirmed ShinyHunters' involvement or the data volume, and no sample has been released to validate the claim. [SINGLE-SOURCE] — see § 7.

Defender takeaway: ShinyHunters' maximalist-claim-then-short-deadline pattern recurred across multiple victims this week (Kodak, covered 2026-06-20, among them); the confirmed subset is consistently smaller than the claimed one. Audit legacy and "decommissioned" third-party storage that may still hold archival PII/clinical data outside normal operational scope, and keep those systems inside third-party risk assessments. The passing 06-22 deadline is the near-term monitoring trigger: a data release would corroborate the 8.8 TB claim, while silence suggests a pivot to negotiation.

CVE-2026-4020 — Gravity SMTP WordPress plugin: unauthenticated config-dump of email-connector credentials, mass-exploited

From CTI Daily Brief — 2026-06-21 · published 2026-06-21

CVE-2026-4020 is an unauthenticated information-disclosure flaw in the Gravity SMTP WordPress plugin (all versions through 2.1.4). A REST endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data ships with a permission_callback that unconditionally returns true; an unauthenticated request triggers the plugin's register_connector_data() routine, which returns a roughly 365 KB JSON system report containing API keys and OAuth tokens for every configured email connector (Amazon SES, Google Workspace, Mailjet, Resend, Zoho), plus WordPress/PHP versions, database configuration and the active-plugin inventory (The Next Web, 2026-06-20). The fix shipped in version 2.1.5 on 2026-03-17 (GitHub Advisory GHSA-jxfc-8wcq-xxcg), but mass exploitation began roughly two months later: defenders report on the order of 17 million blocked exploitation attempts, peaking in early June (The Next Web, 2026-06-20). WordPress is pervasive across European public-sector and government communications sites; any instance that ran a pre-2.1.5 version should be treated as having had its email-connector credentials harvested.

The vulnerability clears the § 2 bar on confirmed in-the-wild mass exploitation (vendor-blocked-request telemetry), not on a KEV/EUVD listing. Detection: web-server access logs for GET requests to /wp-json/gravitysmtp/v1/tests/mock-data (often with a ?page=gravitysmtp-settings parameter) from external IPs; a ~365 KB response body is a distinctive marker of a served dump rather than a blocked probe. Maps to T1190 Exploit Public-Facing Application and T1552.001 Unsecured Credentials: Credentials In Files. Remediation is two-step and the second step is the one most sites miss: upgrade to ≥ 2.1.5, then rotate every SES / Google / Mailjet / Resend / Zoho credential the plugin held, since the patch closes the leak but does not invalidate already-exfiltrated tokens.

UK ICO issues criminal caution to London Clinic insider over Princess of Wales medical-record access

From CTI Daily Brief — 2026-06-19 · published 2026-06-19

The UK Information Commissioner's Office closed a two-year criminal investigation into the deliberate misuse of Catherine, Princess of Wales' medical records at The London Clinic, issuing a formal caution to a former staff member under s.170(5) of the Data Protection Act 2018 (ICO, 2026-06; Infosecurity Magazine, 2026-06-18). Section 170 — unlawful obtaining/disclosing of personal data, carrying up to two years' imprisonment — is pursued under the ICO's own criminal-prosecution authority, distinct from its civil UK GDPR fine regime; the s.170(5) caution requires an admission of guilt. The ICO found no evidence records were sold, treated the offer to disclose for financial gain as the aggravating element, and concluded the clinic's own information-governance arrangements did not warrant regulatory action. Defender takeaway: this is a textbook clinical-insider pattern — privileged Electronic Patient Record access, a high-profile data subject creating monetisation incentive, opportunistic abuse. Comparable Swiss and EU controllers face criminal exposure too (Swiss DPA Art. 60; GDPR Art. 84 member-state criminal competence). Detection posture: alert on EPR accesses outside an accessor's assigned care team (RBAC-violation hunting on access-audit logs, T1078 legitimate-access abuse), which the NHS IG Toolkit and equivalents already mandate logging for.

[SINGLE-SOURCE] Cisco Talos maps the DICOM-format attack surface against Orthanc PACS — network-ingested medical images as a heap out-of-bounds-write primitive

From CTI Daily Brief — 2026-05-31 · published 2026-05-31

Cisco Talos published a technical study on 2026-05-28 examining how the DICOM medical-imaging file format yields heap out-of-bounds-write conditions across three parsers — the Python pydicom library, GDCM (Grassroots DICOM), and the parser inside Orthanc, the open-source PACS (Picture Archiving and Communication System) server widely deployed in hospital radiology (Cisco Talos, 2026-05-28). Talos frames the upload/ingestion pathway as the highest-concern surface: hospital PACS routinely auto-ingest DICOM studies received over the network from imaging modalities (CT, MRI, X-ray) via DICOM C-STORE, so a malformed study from any connected modality or compromised upstream institution can directly reach the vulnerable decoder without user action. The write primitive arises from the format's variable-length Value Representation (VR) tag structure combined with lax bounds-checking in heap allocation. The public blog post discloses no CVE identifiers and no exploit code — the underlying technique class is T1190 (exploit public-facing application) where a PACS endpoint is network-reachable, or delivery via a malicious study over DICOM networking. [SINGLE-SOURCE] (Cisco Talos primary research).

Why it matters to us: Swiss cantonal and university hospitals and EU healthcare providers — NIS2 critical entities — universally run PACS/DICOM infrastructure, and Orthanc is common in academic medical centres. The attack surface is structural to how PACS operate (mandatory DICOM connectivity to vendor equipment), so it cannot be closed by patching a single product alone. Defender posture from the research: review network segmentation between PACS servers and clinical workstations; restrict DICOM C-STORE acceptance to known modality Application Entity (AE) titles via the PACS ACL; confirm Orthanc instances run a supported version; treat studies arriving from referring institutions as untrusted input.
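To make the "variable-length VR structure plus lax bounds-checking" point concrete, here is an added example (not Talos's code and not the Orthanc, pydicom or GDCM parser): a minimal reader for DICOM explicit-VR little-endian data elements that validates every declared length against the bytes actually present before slicing. The two studies it parses are constructed byte strings, and undefined-length sequences are deliberately rejected rather than handled.

```python
"""Added example: bounds-checked DICOM explicit-VR little-endian element reader.
Input studies are constructed in this file; this is an illustration, not a full parser."""
import struct

# Core VRs whose explicit-VR header is 2 reserved bytes + a 4-byte length; all others use a 2-byte length.
LONG_VRS = {b"OB", b"OW", b"OF", b"SQ", b"UT", b"UN"}
UNDEFINED_LENGTH = 0xFFFFFFFF


class DicomParseError(ValueError):
    """Raised instead of reading or allocating past the end of the buffer."""


def parse_elements(buf: bytes) -> list[tuple[tuple[int, int], str, bytes]]:
    """Return a list of ((group, element), VR, value) triples, refusing any over-read."""
    out, pos, n = [], 0, len(buf)
    while pos < n:
        if n - pos < 8:
            raise DicomParseError(f"truncated element header at offset {pos}")
        group, elem = struct.unpack_from("<HH", buf, pos)
        vr = buf[pos + 4:pos + 6]
        if not (vr.isalpha() and vr.isupper()):
            raise DicomParseError(f"invalid VR {vr!r} at offset {pos + 4}")
        if vr in LONG_VRS:
            if n - pos < 12:
                raise DicomParseError(f"truncated long-VR header at offset {pos}")
            (length,) = struct.unpack_from("<I", buf, pos + 8)
            pos += 12
        else:
            (length,) = struct.unpack_from("<H", buf, pos + 6)
            pos += 8
        if length == UNDEFINED_LENGTH:
            raise DicomParseError("undefined-length sequences are not supported by this reader")
        # The check a lax parser skips: the declared length must fit in the remaining bytes.
        if length > n - pos:
            raise DicomParseError(
                f"element ({group:04X},{elem:04X}) declares {length} bytes but only {n - pos} remain"
            )
        out.append(((group, elem), vr.decode("ascii"), buf[pos:pos + length]))
        pos += length
    return out


def _element(group: int, elem: int, vr: bytes, length: int, value: bytes) -> bytes:
    """Build one raw element; length is taken as given so malformed inputs can be constructed."""
    header = struct.pack("<HH", group, elem) + vr
    header += b"\x00\x00" + struct.pack("<I", length) if vr in LONG_VRS else struct.pack("<H", length)
    return header + value


# Constructed well-formed study: PatientName (0010,0010) PN and PixelData (7FE0,0010) OB.
GOOD_STUDY = _element(0x0010, 0x0010, b"PN", 8, b"DOE^JOHN") + _element(0x7FE0, 0x0010, b"OB", 4, b"\x01\x02\x03\x04")
# Constructed malformed study: PixelData declares 64 KiB while only 4 bytes follow.
BAD_STUDY = _element(0x0010, 0x0010, b"PN", 8, b"DOE^JOHN") + _element(0x7FE0, 0x0010, b"OB", 0x10000, b"\x01\x02\x03\x04")

if __name__ == "__main__":
    print(parse_elements(GOOD_STUDY))
    try:
        parse_elements(BAD_STUDY)
    except DicomParseError as exc:
        print("rejected:", exc)
```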

TechCrunch finds 100 K passport scans and selfies on a public-read S3 bucket behind a UK Visa Portal lookalike

From CTI Daily Brief — 2026-05-29 · published 2026-05-29

TechCrunch reported on 2026-05-27 that ukvisaportal.com (a third-party site marketed as an immigration portal but not affiliated with the UK Government) exposed roughly 100,000 documents via a misconfigured Amazon S3 bucket. The bucket was not publicly listed, but a backend bug exposed directory listing, enabling enumeration of every object; individual files were readable to anyone with the URL. Exposed material included full passport pages (passport number, nationality, DOB, place of birth, issue / expiry dates), accompanying address documents and selfie photographs whose EXIF GPS metadata could pinpoint the applicant's home address. The operator — UAE-registered Active Leadgen LLC — marketed under brand names including "UK Visit" and "ETA-Pass" and impersonated the official GOV.UK service; some applicants told TechCrunch they paid fees believing it was the genuine government portal. TechCrunch and TechRadar report the bucket was secured overnight after publication; no ICO breach notification has surfaced in-window.

Defender takeaway: the lookalike-government-service pattern matters operationally even outside immigration. Where the public-sector security team is responsible for citizen-facing brand integrity (federal / cantonal IT, KAPO digital-services teams), the relevant action is to scan for lookalike domains and S3 / blob buckets carrying passport / ID-document keys — Trufflehog-style scanning of cloud-storage namespaces for passport, national-id, eta filename patterns. EU residents who used the service trigger UK GDPR Art. 33 notification on the operator's side.

UK Visa Portal — ~100,000 passport scans and selfies on a public-read S3 bucket behind a government-lookalike site

From CTI Weekly Summary — 2026-W22 (May 25 – May 31, 2026) · published 2026-05-25

TechCrunch found ~100,000 passport scans and applicant selfies exposed on a public-read Amazon S3 bucket used by "UK Visa Portal," a site not affiliated with the UK government that some applicants mistook for the official GOV.UK service; the leak was unfixed at time of reporting (2026-05-29). The defender double-lesson: the technical failure is the oldest cloud-storage misconfiguration in the book (object-level public read on a sensitive bucket), and the social failure is the government-service-lookalike that harvested real identity documents from people who believed they were on an official portal — a brand-protection and citizen-awareness problem for the genuine public-sector body whose service is being impersonated. CH/EU public bodies should monitor for lookalike service domains and re-confirm that no applicant-document storage is world-readable.

Webworm (China-aligned) shifts to EU government targets — EchoCreep (Discord C2) and GraphWorm (Microsoft Graph / OneDrive C2) backdoors documented by ESET, with Belgian, Italian, Serbian, Polish and Spanish governmental victims

From CTI Daily Brief — 2026-05-21 · published 2026-05-21

ESET Research published a technical analysis on 2026-05-20 of Webworm — also tracked as FishMonger / Aquatic Panda / SixLittleMonkeys / Space Pirates — documenting a 2025 campaign pivot to European governmental organisations in Belgium, Italy, Serbia and Poland, plus a South African university; the group has abandoned its prior primary backdoors (Trochilus RAT, McRat / 9002 RAT) in favour of two new custom implants — EchoCreep (which ESET describes as written in Go) and GraphWorm (ESET WeLiveSecurity, 2026-05-20). EchoCreep uses Discord as a bidirectional C2 channel, encoding commands with base64 + AES-CBC-128; it creates per-victim Discord channels named after the victim IP (or IP+hostname), supports file upload/download and cmd.exe command execution, and ESET recovered 433 decrypted Discord messages dating back to 2024-03-21 from four unique victim channels (T1102.002 Web Service: Bidirectional Communication, T1059.003 Windows Command Shell). GraphWorm is more capable: an implant (implementation language not stated in the ESET write-up) that authenticates against the Microsoft Graph API and uses per-victim OneDrive directories for C2, with /createUploadSession for large-file exfiltration and AES-256-CBC + base64 encoding on uploaded data (T1102.002, T1071.001 Application Layer Protocol — Web Protocols); it persists at logon and spawns cmd.exe sessions under the implant's process context. The custom proxy toolkit added in 2025 includes WormFrp (a modified frp that pulls its config from a compromised AWS S3 bucket wamanharipethe.s3.ap-south-1.amazonaws.com), ChainWorm (multi-hop chaining), SmuxProxy, and WormSocket (socket.io-based proxy); a SharpSecretsdump Impacket-look-alike credential dumper was uploaded to the same S3 bucket in October 2025 (T1003.001 OS Credential Dumping: LSASS Memory) (ESET, 2026-05-20; The Hacker News, 2026-05-20). 

Files exfiltrated from victims and staged in the S3 bucket included virtual-machine snapshots from an Italian governmental entity and an mRemoteNG connection-configuration file plus a Microsoft Visio infrastructure diagram from a Spanish governmental entity — both documents that materially aid follow-on intrusion. Initial-access tradecraft documented against Serbian targets used CVE-2017-7692 (SquirrelMail post-auth RCE), implying credential theft preceded webmail exploitation. Why it matters to us: the cloud-API C2 design (Discord, Microsoft Graph) blends with legitimate enterprise traffic and defeats domain / URL block-lists. Detection concept — alert on Sysmon EID 3 outbound HTTPS to discord.com/api/* or graph.microsoft.com from process trees whose parent is not the expected first-party application (Discord.exe, Teams.exe, OneDrive.exe, Office); correlate Graph API non-interactive sign-ins in Entra ID for app registrations with no enterprise approval path; flag cmd.exe spawned by long-running services with no interactive user context. Hardening — Conditional Access for the Microsoft Graph application restricting non-managed device sign-ins; block socket.io and Discord WebSocket outbound at the SWG for server workloads that have no business reason; force first-party-only WebSocket egress on government-segment workstations.
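The Sysmon detection concept above, as an added example that is neither ESET's nor the brief's code: it joins process-create (EID 1) lineage to network-connect (EID 3) events so that a connection to the Discord or Microsoft Graph endpoints is flagged only when neither the connecting image nor its parent is one of the expected first-party clients. The event dicts are constructed and carry only the Sysmon fields the logic needs; the allowlist of first-party binaries is an assumption to tune per estate.

```python
"""Added example: correlate Sysmon EID 1 and EID 3 to flag cloud-API C2 from unexpected process trees.
Events are constructed minimal dicts; the first-party allowlist is an assumption."""

C2_HOSTS = {"discord.com", "gateway.discord.gg", "graph.microsoft.com"}
# First-party binaries that legitimately talk to these hosts (assumed allowlist).
EXPECTED_IMAGES = {"discord.exe", "teams.exe", "ms-teams.exe", "onedrive.exe",
                   "outlook.exe", "winword.exe", "excel.exe", "powerpnt.exe"}


def _base(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def correlate(events: list[dict]) -> list[dict]:
    """Return one finding per EID 3 event to a C2 host whose process tree is not first-party."""
    lineage: dict[str, tuple[str, str]] = {}  # ProcessGuid -> (image, parent image)
    for ev in events:
        if ev["EventID"] == 1:
            lineage[ev["ProcessGuid"]] = (_base(ev["Image"]), _base(ev["ParentImage"]))
    findings = []
    for ev in events:
        if ev["EventID"] != 3 or ev.get("DestinationHostname", "").lower() not in C2_HOSTS:
            continue
        # Fall back to the EID 3 Image field when no matching EID 1 was seen (e.g. log started late).
        image, parent = lineage.get(ev["ProcessGuid"], (_base(ev["Image"]), "<unknown>"))
        if image in EXPECTED_IMAGES or parent in EXPECTED_IMAGES:
            continue  # a first-party client (or its helper) talking to its own backend
        findings.append({"host": ev["DestinationHostname"], "image": image, "parent": parent,
                         "port": ev.get("DestinationPort"),
                         "reason": "non-first-party process tree to cloud-API host"})
    return findings


# Constructed sample: a benign Discord client, a service-spawned unknown binary reaching
# Graph, and a Temp-directory binary with no EID 1 reaching Discord.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A}", "Image": r"C:\Users\u\AppData\Local\Discord\Discord.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "ProcessGuid": "{A}", "Image": r"C:\Users\u\AppData\Local\Discord\Discord.exe",
     "DestinationHostname": "discord.com", "DestinationPort": 443},
    {"EventID": 1, "ProcessGuid": "{B}", "Image": r"C:\ProgramData\svc\updater.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"EventID": 3, "ProcessGuid": "{B}", "Image": r"C:\ProgramData\svc\updater.exe",
     "DestinationHostname": "graph.microsoft.com", "DestinationPort": 443},
    {"EventID": 3, "ProcessGuid": "{C}", "Image": r"C:\Users\u\AppData\Local\Temp\agent.exe",
     "DestinationHostname": "DISCORD.COM", "DestinationPort": 443},
]

if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS):
        print(finding)
```

Pair this with the Entra ID non-interactive sign-in review the brief describes, since GraphWorm's traffic will otherwise look like any other Graph client.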

CISA contractor (Nightwing) exposed AWS GovCloud admin keys and internal credentials in public GitHub repo for ~6 months

From CTI Daily Brief — 2026-05-19 · published 2026-05-19

A Nightwing government contractor used a public GitHub repository named "Private-CISA" as a personal sync mechanism between work and home machines, exposing highly-privileged credentials for CISA / DHS infrastructure from approximately 2025-11-13 to 2026-05-15 — about six months (Krebs on Security, 2026-05-18; Gizmodo, 2026-05-19). GitGuardian researcher Guillaume Valadon surfaced the repository on 2026-05-15. Exposed material included administrative credentials for three Amazon AWS GovCloud accounts, plaintext usernames and passwords (AWS-Workspace-Firefox-Passwords.csv) for dozens of internal CISA systems, SSH keys and cloud tokens, and credentials to CISA's internal Artifactory code-package repository ("LZ-DSO" — Landing Zone DevSecOps). The contractor had deliberately disabled GitHub's default push-protection secret scanning. Independent researcher Philippe Caturegli (Seralys) validated AWS keys against live GovCloud accounts at high privilege and confirmed the keys remained valid for at least 48 hours after the repository was taken down. CISA acknowledged a ~one-third workforce reduction from buyouts and resignations under the Trump administration may have weakened oversight of contractor behaviour.

Why it matters to us: Caturegli identified the Artifactory access as the highest-impact exposure — write access to a national cybersecurity agency's build-package repo would enable backdoor insertion into anything CISA built or deployed (T1195.002 Supply Chain Compromise: Compromise Software Supply Chain). The transferable lesson for EU/CH national CERT operators is independent of US politics: contractors and integrators with write access to NCSC / BSI / ANSSI build pipelines must be subject to organisation-level GitHub push-protection that administrators cannot disable, mandatory short-lived OIDC role assumption (no long-lived AWS keys), Artifactory access-log SIEM integration with off-hours bulk-download anomaly detection, and quarterly secret-scanning sweeps of contractor personal repos under contract. T1552.001 (Credentials In Files) / T1552.004 (Private Keys).

Akira ransomware on Groupe 3R — 20 Swiss medical-imaging centres across seven cantons; second cyberattack on the same operator within twelve months

From CTI Weekly Summary — 2026-W19 (May 04 – May 10, 2026) · published 2026-05-11

If you did nothing this week: Swiss and DACH healthcare operators with internet-exposed Cisco ASA / FTD, Fortinet SSL-VPN, or VMware ESXi management interfaces — Akira's documented edge-device initial-access targets — face the same playbook used here. Groupe 3R confirmed the attack on its own website 2026-04-30, filed a criminal complaint, notified the Federal Office for Cybersecurity (BACS/OFCS), and explicitly stated it will not pay ransom; Akira's leak-site listing on approximately 2026-05-08 claims 48 GB exfiltrated including employee identity documents, patient records, payment information, and signed NDAs (Groupe 3R victim statement, 2026-04-30 · ICTjournal.ch, 2026-05-06 · Blick.ch, 2026-05-07 · daily 2026-05-10).

Groupe 3R (Réseau Radiologique Romand) operates ~20 medical-imaging centres across seven Swiss cantons listed in the operator statement (Vaud, Valais, Fribourg, Genève, Neuchâtel, Berne — six in Romandie — plus Zürich in German-speaking Switzerland) — a direct Swiss critical-health-infrastructure incident, and the operator's second cyberattack within twelve months (the prior April 2025 incident is acknowledged in the operator's own statement as having involved different attackers and methodology). Legacy examination data remains inaccessible at week's end; new examination data security has been restored on rebuilt infrastructure. Data exfiltration was not confirmed by the victim; Akira's leak-site post asserts 48 GB exfiltrated. Akira's documented playbook against European healthcare and SME targets emphasises edge-device initial access (Cisco ASA/FTD CVEs, Fortinet SSL-VPN CVEs, VMware ESXi authenticated RCE) and intermittent file-encryption to evade EDR file-IO heuristics — observed ATT&CK techniques include T1190, T1133 External Remote Services, T1486 Data Encrypted for Impact, and T1567 Exfiltration Over Web Service. Defenders should re-validate patch state on the edge devices in Akira's standard target list, confirm EDR rules trigger on intermittent-encryption write-skip-write file-IO patterns, and verify radiology-modality VLAN segmentation from corporate Active Directory — PACS/RIS environments tend to co-tenant with Windows file shares, providing trivial east-west reach once an attacker lands. The Akira-as-actor attribution comes from ransomware.live (aggregator), not from the victim or an independent primary; logged with confidence HIGH on incident, MEDIUM on actor.

Amazon SES weaponised for authenticated phishing and BEC (Kaspersky, 2026-05-04, ~96 h)

From CTI Daily Brief — 2026-05-08 · published 2026-05-08

Kaspersky researchers documented a campaign technique using legitimate Amazon Simple Email Service (SES) accounts to deliver attacker-crafted phishing and business-email-compromise (BEC) lures. Because messages originate from genuine SES infrastructure, SPF and DKIM authentication passes and messages evade most email security gateway filters based on sender reputation. Attackers obtain SES API credentials from publicly exposed AWS configuration files (S3 bucket misconfigurations, leaked GitHub repositories). Observed campaign goals include invoice-fraud lures targeting finance departments and credential phishing pages hosted on AWS infrastructure. Kaspersky observed targeting of finance departments at European manufacturing firms. This report is approximately 96 hours old at publication; first coverage in this brief series.