Cyber security news for all


    U.S. Aerospace service provider hacked by MAZE Ransomware

    The latest victim in a long line of cyberattacks orchestrated by Maze Ransomware is the aerospace device provider V.T. San Antonio Aerospace (VT SAA). VT SAA is a Texas-based aerospace service provider and a subsidiary of Singapore-based technology firm S.T. Engineering.

    The threat actors have claimed responsibility for the hack and say that a massive 1.5 terabytes of classified and private data was stolen during the breach.

    The vice president and general manager of the firm, Ed Onwe, stated that “a sophisticated group of cybercriminals, known as the MAZE group, gained unauthorized access to our network and deployed a ransomware attack.” This is the second attack from the hackers, with the first dating back to 7th March.

    A folder location was the key to the discovery of the breach: renamed files and an associated ‘DECRYPT-FILES.txt’ file were located in the same folder as the encrypted files.

    Following the breach, the company immediately took steps to minimize the fallout. It took some systems offline, alerted law enforcement agencies, and sought forensic advisors to investigate the threat.

    The company continued investigating the breach and also recovered lost data. It contained the “infection” and determined that the targeted areas were mostly S.T. Engineering’s U.S. commercial operations.

    Details about the stolen data have not been released yet, but it is assumed that data such as the company’s financial records, schedules, a lineup of projects, and details of exclusive contracts signed with government parastatals like NASA, American Airlines, etc., might be included.

    The hackers’ M.O. involves stealing data (which will be held for ransom) before injecting a payload and encrypting the data on the victim’s system.

    Right now, the stolen 1.5 terabytes of data is being used to force the company’s “hand”.

     

    MAZE ransomware can be introduced into a system via phishing emails. Once contact is made, data is stolen for ransom and the encryption process follows. Failure to meet the operators’ demands results in the data being leaked. The MAZE ransomware operators target prominent companies and hope to pressure them into paying.
