REvil cyber gang hits Army, Navy and Air defense contractor HX5


The REvil cyber gang has hit a defense contractor whose clients include the US military, a stark test of President Biden’s tough talk about deterring the cyberattackers bombarding America.

Russia-linked REvil claimed to have stolen 23 gigabytes of data from HX5, a Florida-based defense contractor working on aerospace and weapons launch technology whose customers include the Army, Navy, Air Force, NASA, and the General Services Administration. The gang first posted screenshots of some of the allegedly stolen material on its leak site, known as “The Happy Blog,” on Wednesday.

Targeting a company with US military clients shows that cybercriminals have not changed their behavior in response to the action threatened by the US government and Mr. Biden, according to cybersecurity experts.

Brett Callow, a threat analyst at software company Emsisoft, said ransomware groups had targeted defense contractors before, but that REvil was publicizing this attack as it unfolded.

“It’s a bit like a kidnapping that sends a pinky finger instead of a head,” said Mr. Callow.

Cybersecurity experts have tied REvil to Russia, but it operates on an affiliate business model, with partners deploying its attacks from all over the world.

Mr. Biden has been under pressure to respond to ransomware attacks on the United States after he drew a “red line” on cyberattacks at his June 16 summit with Russian President Vladimir Putin.

The Biden administration will continue to send Russia a “clear message” that cybercriminals are operating within its borders, White House press secretary Jen Psaki said on Thursday. But she declined to say what the US government would do to follow through on its ultimatum.

“If the Russian government cannot or does not act against criminal actors residing in Russia, we will take action,” Ms. Psaki said. “Of course I’m not in a position to discuss operations in terms of what we’re going to do.”

A wave of ransomware attacks has hit businesses and organizations in the US in recent months, including schools, medical facilities, and large corporations such as fuel provider Colonial Pipeline.

REvil is the same group that previously disrupted major meat producer JBS and hit software company Kaseya with a ransomware attack last weekend, which the company says affected fewer than 1,500 businesses downstream of its customers.

The gang announced the attack by posting allegedly stolen information from HX5, which declined to comment on the cyberattack.

Money motivates ransomware attackers, who hold data and systems hostage until victims pay to regain access. Reuven Aronashvili, who previously served in the Israel Defense Forces and founded cybersecurity company CYE, described REvil as an innovative cyber attacker interested both in polishing its reputation and in pocketing the loot.

He said that REvil’s targeting of a defense contractor demonstrated its capabilities and helped cement its status as the top ransomware attacker.

“They have managed to gain credibility in their abilities and no one takes them seriously anymore,” said Mr. Aronashvili. “I think that’s part of the process. Now whether it’s connected to a government behind it that stores data, buys data and so on, that could of course be another business model.”

Details about what REvil allegedly took from HX5, and whether the attack affected US government customers, are unclear. Screenshots released by REvil show personal information of HX5 employees, including a Social Security number and personal data contained in a life insurance policy for an HX5 manager.

The Army and Navy declined to comment on the cyberattack that hit HX5, and each referred questions to US Cyber Command, which did not respond to requests for comment. The Air Force did not respond to requests for comment. The General Services Administration said it was not a victim of the REvil attack on Kaseya, but did not answer questions about REvil’s attack on HX5.

NASA said it was not aware of HX5 or the cyber incident, but that it was in constant coordination with the Cybersecurity and Infrastructure Security Agency on emerging cyber threats.

In an interview with cybersecurity publication The Record in March, a REvil representative claimed to have access to a ballistic missile launch system, a US Navy cruiser, a nuclear power plant, and a weapons factory. The unidentified representative claimed the group had the ability to start a war, but had no intention of doing so because it would not be profitable.

Mr. Aronashvili warned against either believing or completely disregarding REvil’s claims.

“One thing we can say about them is that they’ve managed to have a lot of credibility in the market, and when they say they have something, that’s something they can usually prove,” he said. “However, sometimes people brag a little more than they have when you talk about these kinds of high-profile goals, so I believe the truth is somewhere in the middle.”

• Jeff Mordock contributed to this report.
