SOC News | Apr 24 – Full AMMEGA Data Breach Published
Using our CTI SATAYO platform, we identified an artifact belonging to AMMEGA’s data breach.
AMMEGA is a multinational manufacturing company based in the Netherlands with revenues of $1.2 billion. It was the victim of an attack carried out by the Cactus ransomware gang in early March.
The ransomware operators exfiltrated 3 TB of data and initially demanded a ransom of $9 million for all the contents or $90,000 for the file tree. The data contains sensitive business information, including customer and supplier data such as drawings, blueprints, invoices, contracts and orders, or personal employee information such as pay checks, ID cards, dossiers and more.
On April 23, 2024, the data breach was made public on Cactus’ .onion website, accessible via the TOR network. Our Threat Intelligence Platform SATAYO alerted us about it as data belonging to our customers was detected inside. Our analysts are now analyzing the leaked documents to quickly inform our stakeholders and prevent document misuse by third parties.
TeamViewer, the popular remote access software developed by the company of the same name, discovered an irregularity in its internal IT environment on 26 June. They disclosed the potential breach in a statement the following day, stating that they had Read More
On May 21, Veeam published details about four different vulnerabilities detected in their product Veeam Backup Enterprise Manager (VBEM). One of them is critical and allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface Read More
SYNLAB, European leader in medical diagnostic services, was the victim of a cyber attack last April. The compromised infrastructure is the one that runs Italians clinics only, other countries were not affected. In early May, ransomware group BlackBasta claimed responsibility Read More
During the last week of April, our Attacker Centric SOC detected multiple new cyber attacker group websites in the Dark Web. Called Dedicated Leak Sites (DLS), they are widely used by ransomware gangs to publish stolen confidential data when the victim Read More
Cisco Talos identified a previously unknown state-sponsored actor behind ArcaneDoor, a sophisticated cyber espionage campaign targeting the perimeter network devices of several vendors. This actor is now tracked as UAT4356 by Talos and STORM-1849 by the Microsoft Threat Intelligence Center. The Read More