Threat actors have listed major Australian mechanic and roadside assistance franchise Ultra Tune on the dark web, claiming to have stolen sensitive data.
On 18 October, the Fog threat group listed Ultra Tune on its dark web leak site, claiming to have exfiltrated three gigabytes of data from the company’s systems.
The group said it took human resources data, personal employee data, customer contact data and “databases with many [sic] internal company information”.
That data reportedly includes driver’s licenses, passports, medical certificates, and more.
Outside of this, Fog provided little to no information regarding the incident. Additionally, the nature of the incident is unknown, with no timer or ransom set publicly for the listing, suggesting that it may not be a case of ransomware.
Cyber Daily has reached out to Ultra Tune for a statement on the incident.
The Fog ransomware group is a young threat actor, having been first identified on 2 May 2024 by Arctic Wolf researchers.
The group shares tactics and similarities with other threat groups, but researchers from Cyber Centaurs suggest its attacks prioritise “speed and efficiency over the more complex, multi-stage attacks observed in other contemporary ransomware operations”.
The Cyber Centaurs report also suggests that, to speed up its operations, the group doesn’t operate a leak site or resort to the exfiltration of data. However, the Ultra Tune breach demonstrates that the group has launched a leak site, with all listings dated to October 2024.
Alongside Ultra Tune, the group has only listed two other organisations – Cordogan Clark and Associates and Fromm Beauty.
Cyber Daily will continue to provide updates on this developing story as it progresses.