The US subsidiary of Australian shipbuilding company Austal has been hit by a ransomware attack, raising concerns that US Navy information has been compromised.
As seen by Cyber Daily through FalconFeeds, the attack on Austal USA was conducted by the Hunters International ransomware group, a gang that first appeared earlier this year.
The threat actor is yet to post any data belonging to the shipbuilder but has warned that it will post 43 sample files very soon, adding up to 87.2 megabytes of data.
According to Hunters International’s leak site, the data stolen includes private data, personally identifiable information, and government data; however, no more detail has been provided beyond that.
Additionally, the threat group has indicated that it has not encrypted any of Austal USA’s data.
Austal USA is currently undertaking a number of highly sensitive projects as part of contracts for the US Navy, including a program for building Virginia Class nuclear-powered submarines and another for littoral combat ships, all at its shipyards in Mobile, Alabama.
It also has navy contracts relating to US Coast Guard cutters and surveillance craft.
The theft of some of Austal USA’s data could have dire effects not only on the organisation but also on the US Navy and the national security of the US itself.
The attack is not the first that Austal has suffered; the Perth-based shipbuilder’s Australian parent company suffered a ransomware attack back in 2018.
At this stage, Austal USA has not released a statement regarding the attack. Cyber Daily has reached out to the shipbuilder requesting comment on the incident.
The 2018 attack came as a result of stolen credentials that were sold on the dark web; however, the company said that no confidential information was lost and that it would not engage with the threat group, a stance that many organisations take today.
The recent Austal USA attack rounds out a troubling year for Austal, with three of its executives having been charged by the SEC back in March for conducting a scheme to show lower cost estimates to meet the company’s budget and revenue projections.
“We allege that Austal USA’s executives manipulated its financial results, causing harm to US investors in the securities of its parent company, Austal Limited,” said Jason Burt, regional director of the SEC’s Denver office.
“As the complaint articulates, if the defendants had not fraudulently manipulated the cost estimates, Austal Limited would have missed, by wide margins, analyst consensus estimates for EBIT.”
The Hunters International hacking group is believed to have been born from the ashes of the formerly notorious Hive ransomware group, which was disbanded by the FBI in collaboration with European law enforcement agencies in January this year.
Hive was highly successful, having stolen over US$100 million in ransomware payments and amassed a list of over 1,500 victims.
#Hive is back!
Now they are #Hunters International! https://t.co/JmJva3JEeo pic.twitter.com/VuE4nruH6v
— rivitna (@rivitna2) October 20, 2023
It is common for hacking groups to regroup and rebrand after being taken down or disbanded. The belief that Hunters International is the new Hive ransomware group came after a number of code similarities were found.
“It appears that the leadership of the Hive group made the strategic decision to cease their operations and transfer their remaining assets to another group, Hunters International,” said Bitdefender’s technical solutions director, Martin Zugec.
However, Hunters International has said it is a different group and it simply bought Hive’s source code.
“The group appears to place a greater emphasis on data exfiltration,” added Zugec.
“Notably, all reported victims had data exfiltrated, but not all of them had their data encrypted,” making Hunters International more of a data extortion outfit.