Threat actors target Austal USA in ransomware attack, US Navy data at risk

The US subsidiary of Australian shipbuilding company Austal has been hit by a ransomware attack, raising concerns that US Navy information has been compromised.
As seen by Cyber Daily through FalconFeeds, the attack on Austal USA was conducted by the Hunters International ransomware group, a gang that only recently appeared earlier this year.
The threat actor is yet to post any data belonging to the shipbuilder but has warned that it will post 43 sample files very soon, adding up to 87.2 megabytes of data.
According to Hunter International's leak site, the data stolen includes private data, personally identifiable information, and government data; however, no more detail has been provided beyond that.
The threat group has indicated that it has not encrypted any of Austal USA's data.
Austal USA is currently undertaking a number of highly sensitive projects as part of contracts for the US Navy, including a program for building Virginia Class nuclear-powered submarines and another for littoral combat ships, all at its Alabama mobile shipyards.
It also has navy contracts relating to US Coast Guard cutters and surveillance craft.
The theft of some of Austal USA's data could have dire effects not only on the organisation but also on the US Navy and the national security of the US itself.
The attack is not the first that Austal has suffered, after the Australian parent company of the Perth-based shipbuilder suffered a ransomware attack back in 2018.
At this stage, Austal USA has not released a statement regarding the attack.
Cyber Daily has reached out to the shipbuilder requesting comment on the incident.
The attack came as a result of stolen credentials that were sold on the dark web; however, the company said that no confidential information was lost and that it would not engage with the threat group, a stance that many organisations take today.
The recent Austal USA attack rounds out a troubling year for Austal, with three of its executives having been charged by the SEC back in March for conducting a scheme to show lower cost estimates to meet the company's budget and revenue projections.
The Hunters International hacking group is believed to have been born from the ashes of the formerly notorious Hive ransomware group, which was disbanded by the FBI in collaboration with European law enforcement agencies in January this year.
Hive was highly successful, having stolen over US$100 million in ransomware payments and a list of over 1,500 victims.
It is common for hacking groups to regroup and rebrand following being taken down or disbanded.
The belief that Hunters International is the new Hive ransomware group came after a number of code similarities were found.
Hunters International has said it is a different group and it simply bought Hive's source code.


This Cyber News was published on www.cyberdaily.au. Publication date: Wed, 06 Dec 2023 01:29:05 +0000


Cyber News related to Threat actors target Austal USA in ransomware attack, US Navy data at risk

Threat actors target Austal USA in ransomware attack, US Navy data at risk - The US subsidiary of Australian shipbuilding company Austal has been hit by a ransomware attack, raising concerns that US Navy information has been compromised. As seen by Cyber Daily through FalconFeeds, the attack on Austal USA was conducted by the ...
10 months ago Cyberdaily.au
Navy contractor Austal USA confirms cyberattack after data leak - Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense and the Department of Homeland Security confirmed that it suffered a cyberattack and is currently investigating the impact of the incident. The company is based in ...
10 months ago Bleepingcomputer.com
U.S. Navy shipbuilder Austal says cyber incident had 'no impact on operations' - A shipbuilder for the U.S. Navy recently notified federal authorities of a cyber incident claimed by a ransomware group over the weekend. The U.S. arm of Austal - an Australia-based ship building company and defense prime contractor that specializes ...
10 months ago Therecord.media
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 week ago Aws.amazon.com
Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
7 months ago Microsoft.com
Ransomware gang behind threats to Fred Hutch cancer patients - The Hunters International ransomware gang claimed to be behind a cyberattack on the Fred Hutchinson Cancer Center that resulted in patients receiving personalized extortion threats. Fred Hutch is a Seattle-based cancer research and patient care and ...
9 months ago Bleepingcomputer.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
A Cybersecurity Risk Assessment Guide for Leaders - Now more than ever, keeping your cyber risk in check is crucial. In the first half of 2022's Cyber Risk Index, 85% of the survey's 4,100 global respondents said it's somewhat to very likely they will experience a cyber attack in the next 12 months. ...
1 year ago Trendmicro.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
6 months ago Feeds.fortinet.com
16 top ERM software vendors to consider in 2024 - Enterprise risk management software helps organizations identify, mitigate and remediate business risks, which can lead to improved business performance. The risk management market is rapidly evolving from separate tools across different risk domains ...
8 months ago Techtarget.com
How ransomware gangs are engaging - As ransomware gangs continue to market themselves as legitimate businesses complete with customer service representatives, new research from Sophos showed that threat actors are expanding public relations efforts to further pressure victims into ...
9 months ago Techtarget.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
9 months ago Unit42.paloaltonetworks.com
The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
8 months ago Bleepingcomputer.com
Ransomware attack on US Navy shipbuilder leaked information of nearly 17,000 people - An April ransomware attack on a company that builds ships for the U.S. Navy exposed the information of nearly 17,000 people, according to documents filed with regulators in Maine this week. The regulatory filing comes nearly nine months after several ...
8 months ago Therecord.media
Operation Morpheus took down 593 Cobalt Strike servers used by threat actors - Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers. Threat actors may have exploited a zero-day in older iPhones, Apple warns. Nation-state ...
3 months ago Securityaffairs.com
ProcessUnity Introduces Industry's All-In-One Third-Party Risk Management Platform - PRESS RELEASE. BOSTON-(BUSINESS WIRE)- ProcessUnity, provider of comprehensive end-to-end third-party risk management and cybersecurity solutions to leading enterprises, today announced the completed integration of the Global Risk Exchange. The newly ...
8 months ago Darkreading.com
Master Security by Building on Compliance with A Risk-Centric Approach - In recent years, a confluence of circumstances has led to a sharp rise in IT risk for many organizations. That's why a proactive approach to seeing, understanding, and acting on risk is key to improving the effectiveness of defenses in place to meet ...
9 months ago Cyberdefensemagazine.com
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
9 months ago Feeds.fortinet.com
Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware - The Cisco Talos Year in Review report released Tuesday highlights new trends in the cybersecurity threat landscape. We'll focus on three topics covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader ...
10 months ago Techrepublic.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
8 months ago Securityboulevard.com
Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
8 months ago Bleepingcomputer.com
Companies Must Strengthen Cyber Defense in Face of Shifting Threat Actor Strategies - Critical for organizations to understand attackers' tactics, techniques, and procedures. The 2023 mid-year cyber threat report card portends an ominous outlook with staggering data including the fact that 332 million cryptojacking attacks were ...
9 months ago Cyberdefensemagazine.com
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
9 months ago Helpnetsecurity.com
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours - In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol host, leading to data exfiltration and the deployment of Trigona ransomware. On Christmas Eve, within just three hours of gaining initial access, ...
8 months ago Thedfirreport.com
VX-Underground malware collective framed by Phobos ransomware - A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor. Phobos launched in 2018 in what is believed to be a ransomware-as-a-service derived from the ...
10 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)