Hackers claim to have stolen around 400 GB of data, including firmware source code and financial data. If confirmed, the hit would be REvil’s biggest in months.
Notorious hacker cartel REvil, labeled dead for several months, appears to have come back to life. The group says it has breached Midea Group, a major Chinese electrical appliance manufacturer.
Cybernews reached out to Midea Group for comment but had not received a reply at the time of publication.
REvil’s leak site, seen by Cybernews, displays screenshots of the data the group claims to have stolen from the company. One of the pictures shows a folder titled ‘Target Properties’ of 11.7 GB. Another screenshot shows a folder holding 373 GB of data. Screenshots of directory listings show only that the group has something to display; the scope of any breach remains unverified until Midea or an independent party confirms it.
Midea Group employs over 150,000 people, owns over 200 subsidiaries, and reports annual revenue of over $53 billion. The company says it ranks 245th on the Fortune Global 500 list.
The company owns a majority stake in KUKA, a German industrial robot and automation manufacturer.
“We have all data from plm system (blueprints, source of firmware, etc.), and also, we have financial information which we are ready to sell. A lot of source code, git and svn which will be publish [sic] soon,” REvil posted on the leak site.
The death throes of REvil
The notorious REvil ransomware gang is best known for extortion attacks against meat supplier JBS and software company Kaseya, the latter a supply-chain attack that spread to Kaseya’s customers through its VSA remote-management product. Both attacks sent shockwaves through the infosec community and raised questions about the safety of critical infrastructure.
However, in January, Russia’s domestic intelligence service, the FSB, detained 14 people and seized 426 million roubles, $600,000, 500,000 euros, computer equipment, 20 luxury cars, and other assets. At the time, many speculated this might be the final nail in REvil’s coffin.
Cybersecurity researchers have since noted traces of the group in some recent attacks. However, experts have no clear answer as to whether the original REvil operators are back. Even if they are not, it is common for cybercriminals to reuse a known brand, rebrand under a new name, or completely change their modus operandi.