Threat actors have claimed a cyber attack against Big Four accounting and audit firm Deloitte.
The Brain Cipher ransomware gang listed Deloitte UK on its dark web leak site overnight, claiming to have exfiltrated over a terabyte of data.
“Unfortunately, giant companies do not always do their job well,” the threat group said.
“Using the example of the results of this company, you can draw certain conclusions:
“How the ‘elementary points’ of information security are not observed.
“We will compare the contract between the customer and the contractor (Deloitte.com) with the results of its execution.
“We will show excellent (not) monitoring work, and tell what tools we used, and use there today.”
While the threat group did not post a sample of the allegedly stolen data, it has set a countdown on the listing for 11 days, after which it will post a sample of the data.
“Soon we will tell you about this incident.
“We will provide an example of data that has leaked.
“The volume of compressed data [is] more than 1tb,” the threat group said.
Deloitte has yet to confirm the incident publicly. Cyber Daily has reached out to Deloitte for confirmation and a statement on the incident.
The Brain Cipher ransomware gang first appeared in June this year when it targeted the Indonesian government, demanding a ransom of US$8 million.
The group uses a minimally modified version of the LockBit 3.0 builder for its encryptor, according to WatchGuard.
Like other ransomware groups, it poses as a helpful entity aiming to assist organisations in restoring systems.
“If you’re reading this, it means your systems have been hacked and encrypted and your data stolen.
“The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours,” it said.
The group also warns against going to authorities, attempting to recover data without them or engaging “third-party” data recovery firms.
“In most cases, they are scammers who will pay us a ransom and a take..for themselves,” it said.
Victims who do not follow the group's rules will apparently receive no cooperation in return.
Deloitte suffered a cyber incident just months ago, with threat actors claiming to have leaked internal communications.
The company was listed on a popular dark and clear web hacking forum in late September by IntelBroker, the leader of the CyberN-----s ransomware gang, who claimed to have email addresses, internal communications between users of the company intranet and other internal settings.
The breach reportedly occurred as a result of Deloitte accidentally exposing an Apache Solr server to the internet.
“They were using the default login credentials for this server, which was then breached,” said IntelBroker.
Within the listing, IntelBroker shared “proof” of the cyber attack, including screenshots of the server access and a sample, which seems to suggest that the allegedly stolen data belonged to the Italian division of the company.
Speaking with Cyber Daily, Deloitte did not verify whether an attack had occurred, but it said that client and customer data was not yet threatened.
“Our investigation has found no threat to client data or other sensitive data related to this incident,” it said.