The US subsidiary of Australian shipbuilding company Austal has been hit by a ransomware attack, raising concerns that US Navy information has been compromised.
As seen by Cyber Daily through FalconFeeds, the attack on Austal USA was conducted by the Hunters International ransomware group, a gang that only recently appeared earlier this year.
The threat actor is yet to post any data belonging to the shipbuilder but has warned that it will post 43 sample files very soon, adding up to 87.2 megabytes of data.
According to Hunter International's leak site, the data stolen includes private data, personally identifiable information, and government data; however, no more detail has been provided beyond that.
The threat group has indicated that it has not encrypted any of Austal USA's data.
Austal USA is currently undertaking a number of highly sensitive projects as part of contracts for the US Navy, including a program for building Virginia Class nuclear-powered submarines and another for littoral combat ships, all at its Alabama mobile shipyards.
It also has navy contracts relating to US Coast Guard cutters and surveillance craft.
The theft of some of Austal USA's data could have dire effects not only on the organisation but also on the US Navy and the national security of the US itself.
The attack is not the first that Austal has suffered, after the Australian parent company of the Perth-based shipbuilder suffered a ransomware attack back in 2018.
At this stage, Austal USA has not released a statement regarding the attack.
Cyber Daily has reached out to the shipbuilder requesting comment on the incident.
The attack came as a result of stolen credentials that were sold on the dark web; however, the company said that no confidential information was lost and that it would not engage with the threat group, a stance that many organisations take today.
The recent Austal USA attack rounds out a troubling year for Austal, with three of its executives having been charged by the SEC back in March for conducting a scheme to show lower cost estimates to meet the company's budget and revenue projections.
The Hunters International hacking group is believed to have been born from the ashes of the formerly notorious Hive ransomware group, which was disbanded by the FBI in collaboration with European law enforcement agencies in January this year.
Hive was highly successful, having stolen over US$100 million in ransomware payments and a list of over 1,500 victims.
It is common for hacking groups to regroup and rebrand following being taken down or disbanded.
The belief that Hunters International is the new Hive ransomware group came after a number of code similarities were found.
Hunters International has said it is a different group and it simply bought Hive's source code.
This Cyber News was published on www.cyberdaily.au. Publication date: Wed, 06 Dec 2023 01:29:05 +0000