Unidentified Automotive Supplier Breached Three Times within Two Months
An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, two of the attacks happening within just two hours. The attacks followed an initial breach of the company's systems by a likely initial access broker (IAB) in December 2021, who exploited a firewall misconfiguration to breach the domain controller server using a Remote Desktop Protocol (RDP) connection. After the initial compromise, LockBit, Hive, and ALPHV/BlackCat affiliates also gained access to the victim's network on April 20, May 1, and May 15, respectively.
While dual ransomware attacks are increasingly common, "this is the first incident we've seen where three separate ransomware actors used the same point of entry to attack a single organization," Sophos X-Ops incident responders said, according to a report in Bleeping Computer.
April 20, 2022
Type of Malware