The US subsidiary of Australian shipbuilding company Austal has been hit by a ransomware attack, raising concerns that US Navy information has been compromised.
As seen by Cyber Daily through FalconFeeds, the attack on Austal USA was conducted by the Hunters International ransomware group, a gang that appeared only recently, earlier this year.
The threat actor is yet to post any data belonging to the shipbuilder but has warned that it will post 43 sample files very soon, adding up to 87.2 megabytes of data.
According to Hunters International’s leak site, the data stolen includes private data, personally identifiable information, and government data; however, no more detail has been provided beyond that.
Additionally, the threat group has indicated that it has not encrypted any of Austal USA’s data.
Austal USA is currently undertaking a number of highly sensitive projects as part of contracts for the US Navy, including a program for building Virginia Class nuclear-powered submarines and another for littoral combat ships, all at its shipyards in Mobile, Alabama.
It also has navy contracts relating to US Coast Guard cutters and surveillance craft.
The theft of some of Austal USA’s data could have dire effects not only on the organisation but also on the US Navy and the national security of the US itself.
Austal USA has said it is aware of the incident, and has been liaising with the relevant authorities.
"Austal USA recently discovered a data incident," a company spokesperson told Cyber Daily via email. "We were able to quickly mitigate the incident resulting in no impact on operations."
"Regulatory authorities, including the Federal Bureau of Investigation (FBI) and Naval Criminal Investigative Service (NCIS) were promptly informed and remain involved in investigating the cause of the situation and the extent of information that was accessed."
According to Austal USA, "No personal or classified information was accessed or taken by the threat actor."
"Austal USA recognises the seriousness of this event and the special responsibility we have as a DoD and DHS contractor," the spokesperson said. "Our assessment is on-going as we seek to fully understand this incident so that we can prevent a similar occurrence."
The attack is not the first that Austal has suffered: the Perth-based Australian parent company of the shipbuilder was hit by a ransomware attack back in 2018.
The attack came as a result of stolen credentials that were sold on the dark web; however, the company said that no confidential information was lost and that it would not engage with the threat group, a stance that many organisations take today.
The recent Austal USA attack rounds out a troubling year for Austal, with three of its executives having been charged by the SEC back in March for conducting a scheme to show lower cost estimates to meet the company’s budget and revenue projections.
“We allege that Austal USA’s executives manipulated its financial results, causing harm to US investors in the securities of its parent company, Austal Limited,” said Jason Burt, regional director of the SEC’s Denver office.
“As the complaint articulates, if the defendants had not fraudulently manipulated the cost estimates, Austal Limited would have missed, by wide margins, analyst consensus estimates for EBIT.”
The Hunters International hacking group is believed to have been born from the ashes of the formerly notorious Hive ransomware group, which was disbanded by the FBI in collaboration with European law enforcement agencies in January this year.
Hive was highly successful, having stolen over US$100 million in ransomware payments and amassed a list of over 1,500 victims.
#Hive is back! Now they are #Hunters International! https://t.co/JmJva3JEeo pic.twitter.com/VuE4nruH6v
— rivitna (@rivitna2) October 20, 2023
It is common for hacking groups to regroup and rebrand after being taken down or disbanded. The belief that Hunters International is the new Hive ransomware group came after a number of code similarities were found.
“It appears that the leadership of the Hive group made the strategic decision to cease their operations and transfer their remaining assets to another group, Hunters International,” said Bitdefender’s technical solutions director, Martin Zugec.
However, Hunters International has said it is a different group and it simply bought Hive’s source code.
“The group appears to place a greater emphasis on data exfiltration,” added Zugec.
“Notably, all reported victims had data exfiltrated, but not all of them had their data encrypted,” making Hunters International more of a data extortion outfit.
Updated December 12 to add Austal USA comments.