Cybernews weekly briefing: ransom gang that stole the show… and maybe the data


Crooks toyed with some big names this week, putting Deutsche Bank, SpaceX, Bombardier, Shell, and other well-established institutions in the spotlight. Time has yet to show us how well-grounded any of those claims are.

Deutsche Bank

ADVERTISEMENT

The infamous LockBit ransomware gang has allegedly stolen 60GB of data from Deutsche Bank, one of the biggest banks in Europe. The data is now allegedly for sale on the dark web. Our research team reviewed some data from the ad on the dark web but it remains unclear what that information represents since the publicly shared images do not even mention Deutsche Bank.

We’ve been in touch with the bank media team, and it has been responsive, however, we have no official comment to share with you at the time of publishing.

SpaceX

LockBit once again made headlines this week by claiming to have breached the SpaceX contractor, Maximum Industries. The gang said stolen data contains “about 3,000 drawings certified by SpaceX engineers” and they would launch an auction as soon as next week.

Cybernews has found no direct evidence of the collaboration between Elon Musk’s corporation and the aforementioned Maximum, a Texas-based company specializing in waterjet, laser cutting, and CNC (computer numerical control) machining services.

Later this week, LockBit shared a couple of files as “proof” they have SpaceX data, but even experts at this point are confused about what they are looking at.

Again, we reached out to both of the companies to get a clearer view, but received no answer to date.

ADVERTISEMENT

Cl0p spree

Bombardier, Shell, Stanford university – Cl0p gang claims to have breached them all, together with another couple of dozen victims.

Naturally, we’ve reached out to at least five alleged victims to get their perspective, but haven’t heard back yet.

Cl0p dedicated a blog post to each of the victims, sharing basic info about the institutions, and some sample files. At this point, just by looking at the public data, it’s hard to draw any conclusions about how dangerous the alleged breaches are or even if they’ve actually occurred.

Some data samples seem pretty random. For example, a blog post on Shell contains a picture of a Mexican passport and two US visas issued to Mexican citizens. A post on Bombardier is accompanied by a few business agreements, engineering drawings, and screenshots with a couple of personal email addresses and phone numbers.

Cl0p blog
Screenshot by Cybernews

Every post offers links for downloading the data, but we haven’t, and are waiting for companies to investigate the claims.

Rubrik, a US-based data security company, listed by the Cl0p gang earlier this week, has confirmed an “unauthorized access” to one of its servers.

One possible answer to this recent spree might be the zero-day vulnerability in Fortra's GoAnywhere MFT file-sharing platform. Earlier, Cl0p told BleepingComputer it had stolen data from 130 organizations by abusing the bug. We haven’t independently confirmed this but our journalists are looking into the case, with more analysis to follow.

In other news

ADVERTISEMENT
  • Safran Group, a top aviation player with $19 billion in revenue and projects with Airbus and James Webb Telescope, left itself vulnerable to cyberattacks. If criminals were to lay their hands on the publicly exposed company files, they could abuse them to gain privileged access to the company’s website and launch phishing campaigns, among other things.
  • US-based Lowe’s Market grocery store chain was leaking a treasure trove of private credentials, which left the company vulnerable to potential attacks by cybercriminals.
  • A photo leak of Apple's much-anticipated mixed-reality headset led to even more speculation on what the device, expected to be released this year, might look like.
  • The UK banned TIkTok on devices owned by the government amid concerns about the potential misuse of the platform. It also faces a ban in the US.
  • Meanwhile, similar name but very different target: Black Basta claimed to have hit Marshall, a British amplifier and speaker-cabinet maker. No more details are available at the time of writing.

Editor’s choice:

ChatGPT: how OpenAI’s bot is used in war-torn Ukraine

Cyber crooks jump on SVB collapse to loot client money and data

New threat actor wages espionage campaigns across Central Asia and Eastern Europe

'Classified' documents behind Russian Sputnik vaccine posted online

Attackers mimic Social Security and threaten victims with SSN termination

Subscribe to our newsletter

ADVERTISEMENT