Defense

Industry

Snatch Claims it Breached Hemeria Group, partner of the French Space Agency CNES

April 18, 2022

The Snatch ransomware group claimed in a post on February 17, 2023, that it breached the systems of Hemeria Group, a defense and space systems maker and partner of the French Space Agency CNES, in 2022. According to the leak site post, the operators of Snatch state that they initiated talks with the Palace of Versailles to maintain caution because the company data is considered a state secret.

Cybersecurity researchers have posted about the Hemeria Group data breach with screenshots from the ransomware group’s post.
Hemeria management replied by denying having anything to do with the data that Snatch had. The firm also did not seem to be affected by the data breach news.


Hackers Target Indian Defense Explosives Manufacturing Contractor, Solar Industries Limited India.

January 21, 2023

The parent company of a private defence ministry contractor manufacturing explosives, Solar Industries Limited India, has been the target of a ransomware attack, a government official said, in an incident that experts said could pose a threat to security if documents were leaked. “The government is investigating the extent of the data compromised and the source of the attack,” an official familiar with the matter said, asking not to be named. The official could not confirm if a ransom demand had been made so far, or whether data was stolen by the attackers.

A listing on the dark web by a group that calls itself Black Cat (Alphv) claimed to have stolen two terabytes of data. BlackCat published images of the stolen documents and pictures taken from the company’s security cameras as proof of the hack. The claims, however, could not be independently verified by HT.


European defense contractor, Hensoldt, allegedly Victim of Snatch Ransomware Attack.

August 18, 2022

A French subsidiary of HENSOLDT AG, and part of its subsidiaries (“Nexeya”), have become the target of a serious cyber attack on its IT infrastructure in recent days. According to current information, both of Nexeya’s data centers in France have been affected, and it is likely that a significant amount of data has been accessed and systems have been encrypted. Nexeya’s ongoing operations have been impacted by this cyber attack.

A comprehensive investigation of the incident has been launched immediately, in close cooperation with the relevant authorities.

Work is proceeding at full speed to restore Nexeya’s ongoing operations as quickly as possible. According to current knowledge, the IT infrastructure and data of other companies of the HENSOLDT Group are not affected.


Ransomware Attack on ForceNet Communication Platform used by Australian Military

September 10, 2022

Hackers attacked ForceNet’s communications platform used by Australian military personnel and defense staff. The ForceNet service is run by Dialog Information Technology. The Australian Dept. of Veteran Affairs’ website states: “Defence has announced that it has been informed that an external ICT service provider which facilitates ForceNet has been subject to a ransomware attack. ForceNet is a Defence e-communications platform used to connect registered users within secure online communities. To be clear, this is not an attack on Defence ICT.”
ITWire in Australia reports on 31 October that Dialog was hit by an attack which used the Agenda ransomware that runs only on Windows. The group behind the attack, Qilin, announced it on the dark web on 19 September.

This is the 9th attack in little over a month, affecting Australia’s biggest companies, likely exposing the details of millions of customers.


Sophisticated Phishing Campaign Targets Military and Weapons Contractors

September 27, 2022

Security researchers have discovered a new campaign targeting multiple military contractors involved in weapon manufacturing, including an F-35 Lightning II fighter aircraft components supplier. The highly targeted attacks begin with a phishing email sent to employees, leading to a multi-stage infection involving many persistence and detection avoidance systems. The campaign stands out for its secure C2 infrastructure and multiple layers of obfuscation in the PowerShell stagers.


DoE Nuclear Subcontractor Suffers Cyber Attack

June 10, 2021

A subcontractor for the Department of Energy (DoE) that conducts nuclear weapons-related work said it fell victim to a security breach.
Sol Oriens is the name of the consulting firm working with DoE’s National Nuclear Security Administration, the federal agency whose mission is enhancing and securing U.S. nuclear stockpiles. Sol Oriens’ work with the nuclear agency remains unclear to the public at this point.


Ransomware Bites Defense Manufacturer, Communications & Power Industries

January 15, 2020

An unsegmented domain appears to be a key factor in the downfall of a defense industry manufacturer that suffered a ransomware attack.
A source with knowledge of the incident said the defense contractor paid a ransom of about $500,000 shortly after the incident in mid-January, but the company was not yet fully operational, according to a report by TechCrunch.com.
California-based Communications & Power Industries (CPI) makes components for military devices and equipment, like radar, missile seekers and electronic warfare technology. The company works with the U.S. Department of Defense and its advanced research unit DARPA.
