Powered by MOMENTUM MEDIA

Exclusive: Perth OT firm allegedly breached by Akira ransomware

Threat actors have claimed a data breach at a Western Australia-based operational technology and engineering firm, saying they have stolen incredibly sensitive business and personal data.

Intellect Systems is a Perth-based end-to-end operational technology solutions provider that deals with both domestic and international markets. As of this year, it is part of the Fortune 200 company Quanta Services, a “leading contractor in electric power and pipeline services”.

The Akira ransomware gang listed Intellect Systems on its dark web leak site earlier this week, claiming to have exfiltrated corporate and personal data.

“We are going to upload 10gb corporate data. Lots of employee information (passports, DLs, medical information, death and birth certificates), confidentiality agreements, contracts, financial information, project information and other files,” the group said on its site.

The threat actor did not disclose when the allegedly stolen data would be released, nor did it provide a sample of the supposedly stolen data.

Cyber Daily has reached out to Intellect Systems for more information.

The Akira ransomware gang has been targeting SonicWall firewall devices since last month, according to new warnings.

Security analysts and SonicWall itself have been warning of malicious activity targeting its firewall devices since last month, and this week, the Australian Cyber Security Centre (ACSC) warned Aussie companies that the Akira ransomware gang was the culprit and was going after Australian organisations.

However, while the ACSC warned of the threat actor taking advantage of a year-old vulnerability, CVE-2024-40766, the actual attack chain is more complex, with Akira exploiting multiple vulnerabilities to gain access to their victims’ networks.

Cyber security firm Rapid7 has responded to multiple SonicWall-focused Akira intrusions in the last month and found that the hackers are taking advantage not only of devices with unchanged passwords, but also of two other vulnerabilities.

“Following its initial communication last month, SonicWall posted additional security guidance around the SSLVPN Default Users Group Security Risk. This is a security risk which, in certain configurations, can over-provision access to SonicWall’s SSLVPN services based on the Default LDAP group configurations,” Rapid7 said in an 11 September blog post.

“This can allow users who are not permitted to SSLVPN to successfully obtain access to the SSLVPN irrespective of Active Directory configurations.”

Rapid7 said it also observed the threat group abusing the SonicWall Virtual Office Portal.

“The Virtual Office Portal can be used to initially set up MFA/TOTP configurations for SSLVPN users. The Virtual Office Portal in certain default configurations allows public access to the portal, which can allow threat actors to configure MFA/TOTP with valid accounts if there is a prior username and password credential exposure,” it said.

“Evidence collected during Rapid7’s investigations suggests that the Akira group is potentially utilising a combination of all three of these security risks to gain unauthorised access and conduct ransomware operations.”

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding of, and experience writing in, the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.