The notorious BlackCat ransomware group said it infiltrated the internal network of Virginia-based IT service provider Technica and stole documents related to the FBI and other US intelligence agencies.
Founded in 1991, Technica Corporation provides information technology solutions to several U.S. federal government agencies, including the Federal Bureau of Investigation. According to the company’s website, it “supports the Federal Government and their mission to support, to defend and protect America’s citizens.”
Recently, the infamous ALPHV/BlackCat ransomware group claimed that it infiltrated the network of Technica and stole “documents related to the FBI and other US intelligence agencies.”
According to a screenshot shared on X by cybersecurity analyst and security researcher Dominic Alvieri, the group claims to have stolen 300GB of data from the company and is willing to sell or publish it if the company does not contact the group.
“Leaks of classified and top secret documents. Documents related to the FBI and other US intelligence agencies. If Technica does not contact us soon, the data will either be sold or made public,” the hacker group announced.
According to CyberScoop, the ALPHV/BlackCat ransomware group also claimed to have obtained documents related to the Defense Counterintelligence and Security Agency (DCSA), which carries out background investigations and insider threat analyses.
To support its claims, the group has shared more than two dozen screenshots of stolen documents that contain names, social security numbers, clearance levels, roles and work locations of several people.
The screenshots also include billing invoices, contracts for entities ranging from the FBI to the U.S. Air Force, and information related to private entities and facilities that contract with the U.S. government.
Acknowledging the claims of the ransomware group, Sue Gough, a spokesperson for the Defense Department, told CyberScoop, “The Defense Counterintelligence and Security Agency is aware of the allegations of this incident and is coordinating with the appropriate law enforcement and security officials to address concerns.
“We will not comment on any cleared facility’s security posture or any specific security incidents,” Gough added. Neither Technica, the FBI, nor the U.S. Air Force has commented on the claims of the threat actors.
Commenting on the news, Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told the Daily Dot that “incidents like this shouldn’t be considered in isolation. Exfiltrated data can be combined with information obtained in other attacks and from other sources, so breaches can be more significant than they may seem.”