3 Ransomware Gangs Breached An Automotive Supplier In 2 Weeks

Share post:

LockBit, Hive, and ALPHV/BlackCat affiliates breached an automotive supplier’s systems within two weeks, with two of the attacks occurring within just two hours.

Before the automotive supplier was attacked by the ransomware strains, its security had been compromised by a likely initial access broker (JAB) in December 2022. The attack exploited a misconfiguration of the firewall to breach the domain controller server with a Remote Desktop Protocol (RDP) connection.

The vulnerability was exploited on May 1, after LockBit and Hive ransomware payloads were distributed over the network, whereby the legitimate PsExec and PDQ Deploy tools were used within two hours to encrypt more than a dozen systems during the attack.

In addition to encrypting files, the LockBit ransomware strain also stole and exfiltrated data to the Mega Cloud storage service.

Two weeks after the attack, a BlackCat attacker exploited the same flaw in the company’s management server to install the legitimate Atera Agent remote access solution.

The attackers gained persistence on the network, delivered ransomware payloads and exfiltrated stolen data.

The recovery attempts became complicated after the BlackCat affiliate erased evidence by deleting shadow copies and clearing out the Windows Event Logs on the compromised systems.

Businesses are advised to keep their systems up-to-date and check their environment for backdoors or bugs that attackers can introduce and help them regain access to a network after removal.

The sources for his piece include an article in BleepingComputer.

Featured Tech Jobs


Related articles

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Apple reduces forecasts for Vision Pro as demand cools in key US market

In an unexpected shift, Apple has drastically reduced its shipment forecasts for the upcoming Vision Pro, indicating a...

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

AI surpasses human benchmarks in most areas: Stanford report

Stanford University’s Institute for Human-Centered Artificial Intelligence (HAI) has published the seventh annual issue of its AI Index...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways